Last October, I (Marius Eriksen) updated the Linux-kernel patches for systrace. Get it
here. A pre-built Debian package is available
here.
Watch this space for updates in a week or two as I will be bringing the diffs up to date.
Systrace does not provide translations for all system calls. But it has been designed to make adding new translations very easy. Many people have noticed that they no longer see the IP address that nslookup connects to for DNS queries after updating to a newer version of Bind. The reason is that Systrace did not provide a translation for sendmsg.
Here is what you have to do add the necessary translation.
1. Provide a translator for
sendmsg by adding the following code to the end of
intercept-translate.c:
Continue reading "HowTo: Translating a New System Call"
It turned out that emulating waitpid for threads was more complicated then I initially assumed. Some older Linux kernels also exhibited strange behaviors in which the cloned child could execute before the parent did. This and a bunch of other fixes went into
Systrace 1.6c which is now also available as
Debian package. I tested this on various 2.4 kernels and distributions and was able to use the ptrace backend to run complicated applications like FireFox and X-Chat. Things look good.
After over three years of quiet life,
Systrace 1.6: Phoenix Release is available. This release allows Systrace to run on Linux without requiring kernel changes. The regular Systrace backend has been emulated with ptrace and supports most Systrace features. Emulation of threading and signal mask computation are not implemented yet.
The Phoenix image is from Eric Newport.
A bug in
systrace_exit() on NetBSD-current can be exploited to get local root privileges. Update your kernel if you are are running NetBSD-current.
Monkey.org has been nice enough to set up a
Systrace Mailing List. The web interface can be used to manage subscriptions and check the archives. The mailing list is not very busy but annoucement are usually posted there first.
