
 

System Call, LKM, LSM



 

Table of Contents

- System Call

- Linux Kernel Module (LKM)

- Linux Security Module (LSM)

 

[ System Call ]

 

What is System Call?

      User-level processes (clients) request services from the kernel (server) via special protected procedure calls

      System calls provide:

      An abstraction layer between processes and hardware, which lets the kernel enforce access control and arbitrate between competing requests

      A virtualization of the underlying system 

      A well-defined API for system services

 

System Call Procedure in Linux


(Tutorial) Add New System Call

      Tutorial Environment

      32-bit Ubuntu 12.04 (kernel version 3.2.0) on VMware

 

      Download Kernel Source Code

      $ apt-get source linux-image-$(uname -r)

      or download it from http://www.kernel.org


      Allocate an unused system call number

      /(source code path)/arch/x86/include/asm/unistd_32.h

 

 

 

      Register sys_call_table

      /(source code path)/arch/x86/kernel/syscall_table_32.S

       

 

 

      Program new system call handler

 

 

      Modify Makefile

      /(source code path)/kernel/Makefile

 

      Kernel compile and rebooting

      $ apt-get update

      $ apt-get install build-essential libncurses5 libncurses5-dev

      /(source code path)/

      Run the following commands to compile the kernel

      $ make menuconfig

      $ make bzImage

      $ make modules

      $ make modules_install

      $ make install

      Change grub configuration

      modify /etc/default/grub

      $ update-grub

      Reboot

 

      Make library interface and user program

 

      Check the system log message

      $ dmesg

      $ tail -f /var/log/syslog
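A consistency check for the two table edits in the tutorial above (the number assigned in unistd_32.h and the slot appended to syscall_table_32.S), added here as an example and not part of the lecture: the header number must be unused and must equal the table slot, otherwise the new handler either shadows an existing call or is reached under a different number than the user program uses. The file excerpts are constructed; the name hello/sys_hello and the numbers 346 to 349 are assumptions for the 3.2 x86-32 tree.

```c
#include <stdio.h>
#include <string.h>
#define MAX_NR 512 /* above any 32-bit x86 syscall number in a 3.2 tree */
/* Constructed tail of unistd_32.h after the edit; names and numbers assumed from 3.2 x86-32. */
static const char *unistd_32 =
    "#define __NR_setns\t\t346\n"
    "#define __NR_process_vm_readv\t347\n"
    "#define __NR_process_vm_writev\t348\n"
    "#define __NR_hello\t\t349\n"
    "#define NR_syscalls 350\n";

/* Constructed tail of syscall_table_32.S after the edit; its first .long entry is slot 347. */
static const char *syscall_table_32 =
    "\t.long sys_process_vm_readv\n"
    "\t.long sys_process_vm_writev\t/* 348 */\n"
    "\t.long sys_hello\n";

/* Start of the line after the one containing s (end of text if there is none). */
static const char *next_line(const char *s)
{
    const char *e = strchr(s, '\n');
    return e ? e + 1 : s + strlen(s);
}

/* Value of __NR_<name>: -1 if absent, -2 if another __NR_ entry already uses that number. */
int header_number(const char *hdr, const char *name)
{
    char sym[128];
    int n, found = -1, uses[MAX_NR] = {0};
    for (const char *s = hdr; *s; s = next_line(s)) {
        if (sscanf(s, "#define __NR_%127s %d", sym, &n) != 2 || n < 0 || n >= MAX_NR) continue;
        uses[n]++;                       /* NR_syscalls and non-__NR_ lines never reach here */
        if (strcmp(sym, name) == 0) found = n;
    }
    return (found >= 0 && uses[found] > 1) ? -2 : found;   /* -2: would shadow a real call */
}

/* Slot of sys_<name>: every .long entry (sys_ni_syscall placeholders too) takes one slot from first_index. */
int table_index(const char *tbl, const char *name, int first_index)
{
    char sym[128];
    int idx = first_index;
    for (const char *s = tbl; *s; s = next_line(s)) {
        while (*s == ' ' || *s == '\t') s++;              /* entries are tab-indented */
        if (sscanf(s, ".long sys_%127s", sym) != 1) continue;
        if (strcmp(sym, name) == 0) return idx;
        idx++;
    }
    return -1;
}
```

Pass 0 as first_index when scanning the whole syscall_table_32.S rather than an excerpt; the two functions must return the same number for the new call before the kernel is rebuilt.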

 

 

 

 [ Linux Kernel Module ]

 

What is Kernel Module?

      A kernel module is an object file containing code that extends the functionality of the base kernel

      Modules are used to add support for new hardware and file systems

      They are also used to add new system calls and executable interpreters

 

Linking a Module to the Kernel?

 

( Reference : Linux Device Drivers 2nd Edition)

 

(Tutorial) Make a Kernel Module

      Write a simple module code

 

      Write a Makefile

 

       Load the simple module into the kernel

 

 

       Check the module list

      $ lsmod

      $ cat /proc/modules

 

       Load a module at the boot time

      $ make install

      Add the module name (hello_module) to /etc/modules

      $ depmod

 

 

 [ Linux Security Module ]

 

What is Linux Security Module?

      LSM (Linux Security Module) is a framework that allows the Linux kernel to support a variety of computer security models while avoiding favoritism toward any single security implementation.

      The framework has been a standard part of the Linux kernel since Linux 2.6.

      AppArmor, SELinux, Smack and TOMOYO Linux are the currently accepted modules in the official kernel.

       LSM itself does not provide any security; rather, it adds security fields to kernel objects and provides an interface for managing those fields, so that a module can maintain its own security attributes.

 

Design of LSM

      The purpose of LSM is to mediate access to internal kernel objects

      It does so by placing hooks in the kernel code just before each access

      A security module supplies the functions that these hooks call

 

 

(Tutorial) Make a Simple Security Module

      Write a simple security module code

      sample.c

 

      Write a Makefile

 

      Modify the kernel

 

      Kernel compile and rebooting

      $ make mrproper

      $ make menuconfig

      $ make clean

      $ make bzImage

      $ make install

      $ reboot

 

      Load the security module to kernel

 

       Check system log message

      $ tail -f /var/log/syslog

      Trigger the connect system call (any web browser will do) and watch for the module's log message

 

Copyright 2014 ICS Lab. Ajou Univ. All rights reserved.

 

 
