WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] how to scan domU to get the inode info?

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] how to scan domU to get the inode info?
From: Sucan <bitzsk@xxxxxxxxx>
Date: Wed, 6 May 2009 11:13:14 +0800
Cc: 9907yruby@xxxxxxxxx
Delivery-date: Tue, 05 May 2009 20:15:04 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:from:date:message-id :subject:to:cc:content-type; bh=0lOsBSQR4C/4q1oHZ5JG6LdUUyvrlJpTP+yjKP/Q4Dc=; b=qEVzGQStFhOC0X290926XQmk5/vi31vx8Hza/8PJd7mwux5e/FXkVNqZvi82I9Qn1f MSGC1JX7uoyyBMoLZxZe/833NG2mltJDxtG+HVg/N0umu94BkgFIlN4Hh4c57EQqNZ8e S4KPYMENvn8fLugcZo5ih+FRwk7IoE9poCuPY=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:from:date:message-id:subject:to:cc:content-type; b=qC6y/6biJ0IfCccHaE5OuifeurXxSodZJs5EmAnQAD4OQxKm+r+U5EYiajaHxAwkge c+tqFCbego3Fe9nSWZthKnVLzYqxzsd+5DHeV38QBgUiMABsRk1MnRwbotE2vu9Yniq8 RlQH/Hf1fellkkl1axvOSTHDDahAmcpH0fFpE=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
hi,

I have installed xen 3.2 in my computer , security is very important! although linux is more secure than windows.i need to protect the domu filesystem against hacking or virus. so each time when domu need to write to disk. it send the request to dom0, when i recieve the request in dom0, i will make sure the file it write is not in the /usr/bin directory. if domu is trying to change files under /usr/bin directory, it will be stoped by dom0.
   this way, i can protect the /usr/bin dir not been changed for ever, even if you have root privilage in domu , you can't change the files in /usr/bin.
    so ,the first thing i need to do is to scan files in /usr/bin directory to get all the inode info. save each inode number in a file. and transfer the file to dom0, each time domu submit a request to a file , the request will send to dom0. next ,dom0 will compare the inode number in that file .if find the same inode number, dom0 will stop the write request. if not found, domu can write the file as normal.
    my question is how to scan a directory(such as /usr/bin) and get all inode info? which funtions may i use in the linux kernel api? Can someone please shed some light on this problem? or any suggestions on my ideas above to protect the domu linux filesystem against invasion?

--
Best regards,
Sucan
Computer Department,Beijing Institute of Technology,China
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>