Hi, How to capture a event(eg:file copying) from dom0? Thanks Jinesh M.K _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Wed, Aug 17, 2011 at 10:22:48AM +0530, Jinesh M.K wrote:> Hi, > > How to capture a event(eg:file copying) from dom0? >You should be more specific.. Do you mean "copying file in a domU" perhaps? I don''t think there''s a way to capture things like that, since hypervisors work at much lower level. You''d have to write some custom module for the domU kernel or userspace, make it communicate with a module/tool in dom0 using xenstore, gntdev, or something like that. -- Pasi _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
I mean event that happen inside dom0 like moving hard disk image from one location to another Jinesh On 17 August 2011 14:21, Pasi Kärkkäinen <pasik@iki.fi> wrote:> On Wed, Aug 17, 2011 at 10:22:48AM +0530, Jinesh M.K wrote: > > Hi, > > > > How to capture a event(eg:file copying) from dom0? > > > > You should be more specific.. Do you mean "copying file in a domU" perhaps? > > I don''t think there''s a way to capture things like that, > since hypervisors work at much lower level. > > You''d have to write some custom module for the domU kernel or userspace, > make it communicate with a module/tool in dom0 using xenstore, gntdev, or > something like that. > > -- Pasi > >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Wed, Aug 17, 2011 at 05:00:29PM +0530, Jinesh M.K wrote:> I mean event that happen inside dom0 like moving hard disk image from one > location to another >I assume you''re using Linux dom0 so your question is not Xen specific at all.. You could use tools like Linux inotify etc. -- Pasi> Jinesh > On 17 August 2011 14:21, Pasi Kärkkäinen <[1]pasik@iki.fi> wrote: > > On Wed, Aug 17, 2011 at 10:22:48AM +0530, Jinesh M.K wrote: > > Hi, > > > > How to capture a event(eg:file copying) from dom0? > > > > You should be more specific.. Do you mean "copying file in a domU" > perhaps? > > I don''t think there''s a way to capture things like that, > since hypervisors work at much lower level. > > You''d have to write some custom module for the domU kernel or userspace, > make it communicate with a module/tool in dom0 using xenstore, gntdev, > or something like that. > -- Pasi > > References > > Visible links > 1. mailto:pasik@iki.fi_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Wed, Aug 17, 2011 at 12:52 PM, Jinesh M.K <mkjinesh@gmail.com> wrote:> Hi, > > How to capture a event(eg:file copying) from dom0? >Well, there is a technique called "system call intercepting". File copying or any other kinds of operation need the help from the kernel -- that is, they will issue syscalls. If you can intercept syscall in Xen, then Xen can tell your little daemon in Dom0 what''s happening in DomU. It is doable, because my colleage has done something similar before. However, this kind of operation slows down the whole system, because it requires virtual machine introspection to eliminate semantic gap between Dom0 and DomU, and the frequent switching from Xen, Dom0 and DomU is certainly a performance hit. Or you can try Pasi''s way, depending on your need. Wei. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
Thank you for your information, I tried the attached code for system call interception. I am using linux kernal 2.6.38-10-generic and I issue the following command for make this c code sudo make -C /usr/src/linux-headers-`uname -r` SUBDIRS=$PWD modules But I got the errors like this make: Entering directory `/usr/src/linux-headers-2.6.38-10-generic'' CC [M] /home/bios/intercept/intercept_open.o /home/bios/intercept/intercept_open.c: In function ‘our_fake_open_function’: /home/bios/intercept/intercept_open.c:30:9: error: implicit declaration of function ‘user_path_walk’ /home/bios/intercept/intercept_open.c:35:25: error: ‘struct nameidata’ has no member named ‘dentry’ /home/bios/intercept/intercept_open.c:50:37: error: ‘struct nameidata’ has no member named ‘dentry’ /home/bios/intercept/intercept_open.c: In function ‘my_init’: /home/bios/intercept/intercept_open.c:63:9: warning: ISO C90 forbids mixed declarations and code /home/bios/intercept/intercept_open.c:64:39: error: ‘system_utsname’ undeclared (first use in this function) /home/bios/intercept/intercept_open.c:64:39: note: each undeclared identifier is reported only once for each function it appears in /home/bios/intercept/intercept_open.c:81:41: warning: initialization makes integer from pointer without a cast /home/bios/intercept/intercept_open.c: In function ‘my_exit’: /home/bios/intercept/intercept_open.c:91:9: warning: initialization makes integer from pointer without a cast make[1]: *** [/home/bios/intercept/intercept_open.o] Error 1 make: *** [_module_/home/bios/intercept] Error 2 make: Leaving directory `/usr/src/linux-headers-2.6.38-10-generic'' Anu help for this issue. Thanks Jinesh M.K On 18 August 2011 07:03, Wei Liu <liuw@liuw.name> wrote:> On Wed, Aug 17, 2011 at 12:52 PM, Jinesh M.K <mkjinesh@gmail.com> wrote: > > Hi, > > > > How to capture a event(eg:file copying) from dom0? > > > > Well, there is a technique called "system call intercepting". > > File copying or any other kinds of operation need the help from the > kernel -- that is, they will issue syscalls. If you can intercept > syscall in Xen, then Xen can tell your little daemon in Dom0 what''s > happening in DomU. > > It is doable, because my colleage has done something similar before. > However, this kind of operation slows down the whole system, because > it requires virtual machine introspection to eliminate semantic gap > between Dom0 and DomU, and the frequent switching from Xen, Dom0 and > DomU is certainly a performance hit. > > Or you can try Pasi''s way, depending on your need. > > Wei. >_______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Thu, Aug 18, 2011 at 2:24 PM, Jinesh M.K <mkjinesh@gmail.com> wrote:> Thank you for your information, I tried the attached code for system call > interception. > >Well well, I think this technique doesn''t fit your scenario -- I misunderstood your case, I originally thought that you needed to know what operation is happend inside other domain (and not letting it be awared of this). If you trust Dom0 (from a security perspective of view), then syscall interception is not a good idea, there should be other better method. Maybe, like Pasi said, inotify? If you don''t trust Dom0, then who is to be trusted? Xen has very limited capabilities to serve high level needs, eventually, complicated operations are passed to some guests to handle. I think it is better to clarify you scenario. Wei. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel