Date: 12 Apr 1999 12:11:45 -0000 From: "Gary Howland" <gary@hotlava.com> To: freebsd-hackers@freebsd.org Subject: New system call? Message-ID: <19990412121145.9510.qmail@abc.aaa-mainstreet.nl>
next in thread | raw e-mail | index | archive | help
Hi, I am considering the part-time development of an application which relies on new functionality. The functionality I need is to mainly to hide process information from users on the system, but also mapping of process information (so that process 1 is not necessarily init, since I want to hide system process such as init from the users). I am thinking along the lines of giving each user their own process "set", and spawning an init for each user so that orphan processes stay in the same "set". But I'm now waffling, and describing bits of the application that are irrelevant right now. What I am thinking of is a system call along the lines of chroot(). Perhaps it would be called procroot(). The idea is that this would take a process id as an argument, and would make this process the grandfather (what is the term for the adopter of orphans??? - currently the init process) for this porcess and all process spawned from this. After the call has been made, the process would only be able to "see" (from the point of view of system calls such as kill) this process and any derived from it. This process would have the id of 1 (thereby eliminating the need to change the orphaning code to point to the new grandfather process), which also means that another procroot(1) would NOT change the root process back to the original process, but instead just have no effect. This changing of process information would work by simply using a mapping from the new process numbers to the original ones. So when the procroot(x) is made, an entry is created mapping pseudo process 1 to real process x. Any new processes spawned from this process will also make use of these mappings, and their process ids will themselves be added to this list. This list also serves as the list of processes viewable to the procroot'ed processes (after all, that is the main aim of this call - to place processes into an environment where they cannot access all process info - a "chroot for process info"). I hope I have explained this OK. So, has anyone done anything like this before? If not, does anyone have any advice or tips on how to proceed? (such as listing the kernel files that will need to be looked at - the obvious ones are of course kill & fork, but exec and the process data will also need modification, along with procfs). And what is the best way of doing this? Surrounding my code in #ifdefs? Or is there no way that this code will ever make it into the kernel, so the #ifdefs are a waste of time? Many thanks, Gary To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990412121145.9510.qmail>