| ▲ | XorNot 6 hours ago | |||||||
Man I just discovered this as a good guide on how to exceed the normal limits on Linux kernel modules. Been working on a derviative which hooks the VFS to allow dynamically remapping file paths on a per process basis so I can force badly behaved apps to load custom TLS certificates (looking at you Bazil builds in nixpkgs). (If anyone knows something which already does this it would save me a lot of yak shaving) | ||||||||
| ▲ | st_goliath 4 hours ago | parent | next [-] | |||||||
> how to exceed the normal limits on Linux kernel modules. Uh, what limits? I'm not aware of anything that would stop your module, once probed, from reaching around the back of the kernel and futzing around in the internals of another driver/device in a completely unrelated subsystem, or subsystem internals. SoC/SoM vendors love to pull that kind of crap in their BSPs. > hooks the VFS to allow dynamically remapping file paths on a per process basis Instead of messing with kernel VFS internals, you could try: - patching the offending application or package (ideally make the path configurable and contribute that back upstream) - running the application in a mount namespace and bind-mount something over the path - use LD_PRELOAD to wrap fopen/open/openat (I'm pretty sure, ready made solutions for this already exist) | ||||||||
| ||||||||
| ▲ | linuxftw 4 hours ago | parent | prev [-] | |||||||
> Been working on a derviative which hooks the VFS to allow dynamically remapping file paths on a per process basis so I can force badly behaved apps to load custom TLS certificates (looking at you Bazil builds in nixpkgs). chroot or namespaces/containers? | ||||||||
| ||||||||