
Re: [Condor-users] trapping I/O System Calls



On Jul 19, 2005, at 11:24 AM, Matt Hope wrote:

> On 7/19/05, Alisson Wilker <alissonwilker@xxxxxxxxx> wrote:
>
>> How does Condor trap I/O system calls? Can anybody help me find it in
>> the source code?
>
> IANAE but I understand this is achieved by the condor_compile (bad
> name :) relinking with a bunch of alternates to the standard io calls
> which redirect as required.
>
> This is overly simplistic (how said calls are redirected to the
> shadows for example and there may be special cases I don't know about
> it)
>
> If you were asking what mechanism is used at lower level of detail
> then you'll need the cs.wisc guys*
>
> As I am on windows I never use it so take this with a healthy dose of scepticism

That's basically right. 'condor_compile' links the user application with our special version of libc which provides its own implementations of the system calls (which usually involve talking to the shadow process on the submit machine).

Note that this is not meant to be a secure method of sandboxing the application to prevent malicious behavior. The user code can easily execute system calls directly on the execute machine if it really wants to (by trapping directly to the kernel).

+----------------------------------+---------------------------------+
|            Jaime Frey            |  Public Split on Whether        |
|        jfrey@xxxxxxxxxxx         |  Bush Is a Divider              |
|  http://www.cs.wisc.edu/~jfrey/  |         -- CNN Scrolling Banner |
+----------------------------------+---------------------------------+
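
The limitation described in the reply above, as an added example that is not Condor source and not part of the original message: a link-time replacement for `write()` sees calls made through the library interface but not a call that traps to the kernel directly. Linux with glibc is assumed, and `stub_calls`, `app_write_via_libc`, `app_write_direct` and `unobserved_writes` are hypothetical names.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                /* for syscall() */
#endif
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

static unsigned long stub_calls;   /* what the relinked layer gets to see */

/* Hypothetical stand-in for a relinked libc stub: the executable's own
 * definition of write() takes precedence over libc's at link time. A real
 * stub would forward the request elsewhere; this one counts and passes on. */
ssize_t write(int fd, const void *buf, size_t len)
{
    stub_calls++;
    return syscall(SYS_write, fd, buf, len);
}

/* Application code using the library interface: routed through the stub. */
static ssize_t app_write_via_libc(int fd, const void *buf, size_t len)
{
    return write(fd, buf, len);
}

/* Application code trapping to the kernel itself: the stub is never called. */
static ssize_t app_write_direct(int fd, const void *buf, size_t len)
{
    return syscall(SYS_write, fd, buf, len);
}

/* Writes two bytes to a pipe, one per path. Returns how many of the writes
 * the kernel performed without the stub seeing them, or -1 on error. */
int unobserved_writes(void)
{
    int p[2];
    char got[2];
    if (pipe(p) != 0) return -1;
    unsigned long before = stub_calls;
    ssize_t a = app_write_via_libc(p[1], "a", 1);
    ssize_t b = app_write_direct(p[1], "b", 1);
    unsigned long seen = stub_calls - before;
    ssize_t n = read(p[0], got, sizeof got);
    close(p[0]);
    close(p[1]);
    if (a != 1 || b != 1 || n != 2) return -1;
    return (int)(n - (ssize_t)seen);   /* bytes delivered minus calls seen */
}

int main(void) { printf("unobserved writes: %d\n", unobserved_writes()); return 0; }
```

Both bytes reach the pipe, but the stub counts only one call, so any policy that must hold against untrusted code has to be enforced at the kernel boundary rather than in the linked library.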