[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] trapping I/O System Calls

On Jul 19, 2005, at 11:24 AM, Matt Hope wrote:

On 7/19/05, Alisson Wilker <alissonwilker@xxxxxxxxx> wrote:

How does Condor trap I/O system calls? Can anybody help me find it in
the source code?

IANAE but I understand this is achieved by the condor_compile (bad
name :) relinking with a bunch of alternates to the standard io calls
which redirect as required.

This is overly simplistic (how said calls are redirected to the
shadows for example and there may be special cases I don't know about

If you were asking what mechanism is used at lower level of detail
then you'll need the cs.wisc guys*

As I am on windows I never use it so take this with a healthy dose of scepticism

That's basically right. 'condor_compile' links the user application with our special version of libc which provides its own implementations of the system calls (which usually involve talking to the shadow process on the submit machine).

Note that this is not meant to be a secure method of sandboxing the application to prevent malicious behavior. The user code can easily execute system calls directly on the execute machine if it really wants to (by trapping directly to the kernel).


|            Jaime Frey            |  Public Split on Whether        |

|        jfrey@xxxxxxxxxxx         |  Bush Is a Divider              |

|  http://www.cs.wisc.edu/~jfrey/  |         -- CNN Scrolling Banner |