Notes: This release includes a set of events for use by an anti-virus realtime monitor application, as well as a patch for inclusion in the 2.6.8.1 kernel source. Also added is the ability for hook plugin modules to provide their own ioctl functions and event data evaluation functions to facilitate more advanced event filtering controlled by the user space applications.
Changes:

Aug 25, 2004 - Release 1.0.2
- Include temporary code for exempting anti-virus processes from events
- Improve gemstart script
- Built patch for inclusion in kernel source tree
- Get rid of pesky compile warnings

Aug 10, 2004 - Release 1.0.2
- Added gem_hook_av_sys.c to implement anti-virus hooks via syscall table for 2.4 and 2.6 kernel
- Improved Makefile (Dmitri)
- Modifications to allow files to be built as part of base kernel as well as loadable modules.
- Starting to implement app-specific IOCTL functions
- Corrected various bugs encountered in testing with AV prototype

June 8, 2004 - Release 1.0.1
- Added following parameters to kernel module:
    bypass_root=1|0 - bypass events for root user (for testing)
    ioctl_bklrelease=0|1 - release big kernel lock for duration of ioctl (for testing only)
    gem_debug=0|1 - Send debug messages to kmsg
    loglevel=n - Set logging level (not yet implemented)
- Added ability to use IOCTL to receive events instead of read/write (for testing only)
- Miscellaneous bug fixes
- Miscellaneous updates to support other kernel versions
- Created gem_hook_av.c, gem_av_events.h, and gem_av_user.h to implement anti-virus hooks as an lsm module
- Added an 'idnum' field to gem_event_inst, event_subscribe, gem_event_subscribe, and event_rec structures. This is a number that can be used to identify an event, so that a listening application can use a switch or an array index to process multiple event types rather than calling strcmp() on the name field. The subscribing application decides which numbers are to be used when it does the subscribing.

Apr 30, 2004 - Release 1.0.0
- First public release of code