我正在寻找一个可以拦截和阻止操作的内核模块,这些操作试图改变文件上不可变和仅附加标志的位。它应该是fcntl(),但我没有看到文件/文件夹名称或新标志位的参数。我误解了什么吗?
答案 0 :(得分:0)
fcntl()用于更改打开文件描述符的属性。您可能正在寻找fs/open.c中定义的chmod(或fchmod或fchmodat)系统调用。
答案 1 :(得分:0)
阻止寻求改变比特的操作 文件上的不可变和仅附加标志
由于 append-only标志只能是文件状态标志 O_APPEND ,因此要截取的系统调用是{{3 } - 请参阅fcntl():
File status flags
Each open file description has certain associated status flags,
initialized by open(2) and possibly modified by fcntl(). Duplicated
file descriptors (made with dup(2), fcntl(F_DUPFD), fork(2), etc.)
refer to the same open file description, and thus share the same file
status flags.
The file status flags and their semantics are described in open(2).
F_GETFL (void)
Return (as the function result) the file access mode and the
file status flags; arg is ignored.
F_SETFL (int)
Set the file status flags to the value specified by arg. File
access mode (O_RDONLY, O_WRONLY, O_RDWR) and file creation
flags (i.e., O_CREAT, O_EXCL, O_NOCTTY, O_TRUNC) in arg are
ignored. On Linux, this command can change only the O_APPEND,
O_ASYNC, O_DIRECT, O_NOATIME, and O_NONBLOCK flags. It is not
possible to change the O_DSYNC and O_SYNC flags; see BUGS,
below.
但请注意,访问模式 O_RDONLY 无法使用fcntl()进行更改。