I want to deny acess to a specific file, for example "exa.txt". But failed. (Testing like this: "vi exa.txt", I can still create it)
Anything wrong in my code?
//my code
from bcc import BPF
prog = """
include <uapi/linux/ptrace.h>
include <uapi/linux/limits.h>
include <linux/sched.h>
include <linux/fs.h>
static int strnkkcmp(char s1, char s2, int size) {for (int i = 0; i < size; ++i)
if (s1[i] != s2[i])
return 1;
return 0;
}
int trace_syscall_openat(struct pt_regs ctx, int dfd, const char __user filename, int flags)
{
u32 pid = bpf_get_current_pid_tgid() >> 32;
u32 uid = bpf_get_current_uid_gid();
char buf[64];
char searchname[9]="exa.txt";
bpf_probe_read(&buf, sizeof(buf), filename);
buf[sizeof(buf) - 1] = 0;
if (strnkkcmp(buf, searchname, sizeof(searchname)) == 0) {
bpf_trace_printk(" This file is not accessible!\\n");
return -1;
}
return 0;
}
"""
b = BPF(text=prog)
fnname_openat = b.get_syscall_prefix().decode() + 'openat'
b.attach_kprobe(event=fnname_openat, fn_name="trace_syscall_openat")
while True:
try:
b.trace_print()
except KeyboardInterrupt:
exit()
I want to deny acess to a specific file, for example "exa.txt". But failed. (Testing like this: "vi exa.txt", I can still create it) Anything wrong in my code?
//my code from bcc import BPF
prog = """
include <uapi/linux/ptrace.h>
include <uapi/linux/limits.h>
include <linux/sched.h>
include <linux/fs.h>
static int strnkkcmp(char s1, char s2, int size) {for (int i = 0; i < size; ++i) if (s1[i] != s2[i]) return 1; return 0; }
int trace_syscall_openat(struct pt_regs ctx, int dfd, const char __user filename, int flags) { u32 pid = bpf_get_current_pid_tgid() >> 32; u32 uid = bpf_get_current_uid_gid();
}
"""
b = BPF(text=prog) fnname_openat = b.get_syscall_prefix().decode() + 'openat' b.attach_kprobe(event=fnname_openat, fn_name="trace_syscall_openat") while True: try: b.trace_print() except KeyboardInterrupt: exit()