Use case planning
I created this ticket for brainstorming how Nitro could be used and what kind of APIs would be needed to support these use cases. The use cases could be low-level features or higher-level ideas. If there is need, I'll create more issues for individual items.
Off the top of my head, following things come to mind:
- Collection of detailed information about individual applications. I guess this would include support for extracting system call arguments.
- Altering of machine execution based on events that happened. So far our tests have only included observing the machine's activity.
- Replacing, extending & altering OS system call handlers. I think this needs an API to control system call handler execution.
What do you think?
I think you have already the right use cases.
- monitoring
- altering the execution by rewriting syscall argument values or just syscall return values.
Could you be more specific about the last one? Extending or altering an OS system call handler?
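The two use cases listed in the reply above (monitoring, and altering execution by rewriting syscall argument or return values) can be sketched as a hook API. The following is an added example written for this thread, not Nitro's actual API or any code from the project: the event model, the hook registry, the hypothetical backend loop in `run_trace`, and the trace it consumes are all constructed here. The entry hook shows a "deny" policy (the guest handler is skipped and an errno is returned), a second entry hook shows argument rewriting, and an exit hook shows plain monitoring.

```python
"""Hypothetical syscall hook model: monitor, deny, or rewrite guest syscalls.

Constructed example, not Nitro's API. Argument decoding from guest memory is
assumed to have already happened by the time a hook sees the event.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional, Tuple

EACCES = 13          # errno handed back to the guest when a call is denied
O_RDONLY, O_WRONLY, O_RDWR = 0, 1, 2   # Linux open(2) access-mode bits


@dataclass
class SyscallEvent:
    """One guest syscall as a VMI backend might hand it to registered hooks."""
    pid: int
    name: str
    args: List[Any]                  # assumed already decoded (strings, ints)
    retval: Optional[int] = None     # None on entry; set once the call returns
    overridden: bool = False         # True when a hook changed args or retval


Hook = Callable[[SyscallEvent], None]


class SyscallHooks:
    """Registry of entry/exit hooks keyed by syscall name; '*' matches all."""

    def __init__(self) -> None:
        self._enter: Dict[str, List[Hook]] = {}
        self._exit: Dict[str, List[Hook]] = {}

    def on_enter(self, name: str, fn: Hook) -> None:
        self._enter.setdefault(name, []).append(fn)

    def on_exit(self, name: str, fn: Hook) -> None:
        self._exit.setdefault(name, []).append(fn)

    def dispatch(self, ev: SyscallEvent) -> SyscallEvent:
        """Entry hooks run while retval is None; exit hooks once it is set."""
        table = self._enter if ev.retval is None else self._exit
        for fn in table.get("*", []) + table.get(ev.name, []):
            fn(ev)
        return ev


def run_trace(hooks: SyscallHooks,
              trace: List[Tuple[int, str, List[Any], int]]) -> List[SyscallEvent]:
    """Hypothetical backend loop: entry hooks, guest handler (unless
    short-circuited), then exit hooks. Returns the final event objects."""
    events = []
    for pid, name, args, guest_ret in trace:
        ev = SyscallEvent(pid, name, list(args))
        hooks.dispatch(ev)            # entry hooks may rewrite args or set retval
        if ev.retval is None:         # not denied: the guest handler would run
            ev.retval = guest_ret
        hooks.dispatch(ev)            # exit hooks observe the final result
        events.append(ev)
    return events


def build_policy(log: List[Tuple[int, str, List[Any], int]]) -> SyscallHooks:
    """Monitor every call; deny opens of /etc/shadow; force /etc/* read-only."""
    hooks = SyscallHooks()

    def monitor(ev: SyscallEvent) -> None:
        log.append((ev.pid, ev.name, list(ev.args), ev.retval))

    def deny_shadow(ev: SyscallEvent) -> None:
        if ev.args[0] == "/etc/shadow":
            ev.retval = -EACCES       # return value injected, handler skipped
            ev.overridden = True

    def read_only_etc(ev: SyscallEvent) -> None:
        if ev.args[0].startswith("/etc/") and ev.args[1] & (O_WRONLY | O_RDWR):
            ev.args[1] &= ~(O_WRONLY | O_RDWR)   # downgrade to O_RDONLY
            ev.overridden = True

    hooks.on_exit("*", monitor)
    hooks.on_enter("open", deny_shadow)
    hooks.on_enter("open", read_only_etc)
    return hooks


# Constructed trace: (pid, syscall, decoded args, value the guest would return)
CONSTRUCTED_TRACE = [
    (1201, "open", ["/etc/hostname", O_RDONLY], 3),
    (1201, "read", [3, 0x7FFD0000, 64], 12),
    (1337, "open", ["/etc/shadow", O_RDONLY], 4),
    (1337, "open", ["/etc/passwd", O_WRONLY], 5),
    (1337, "close", [5], 0),
]

if __name__ == "__main__":
    audit_log: List[Tuple[int, str, List[Any], int]] = []
    for ev in run_trace(build_policy(audit_log), CONSTRUCTED_TRACE):
        flag = " (overridden)" if ev.overridden else ""
        print(f"pid={ev.pid} {ev.name}{tuple(ev.args)} -> {ev.retval}{flag}")
```

The point of the split into entry and exit hooks is that the two alterations the reply lists need different timing: a return-value override that should also stop the real handler has to be decided at entry, while pure observation is cheapest at exit, when the result is known. Whatever Nitro's real API ends up looking like, it would need to expose both points and a way to signal "skip the guest handler".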
Regarding the second and third point, I've made a small proof-of-concept test case. It does not do everything correctly but it still seemed to work in the case of this very limited test case. Of course it probably still messes up machine state, but for this test it didn't seem to matter.
Hmm, based on our latest discussion it seems that my approach for system call bypass cannot possibly work, I am wondering why that happened. Maybe I made a mistake in testing it or the test was flawed in some other way. In any case, I'll look into the kernel-side approach of bypassing system call handlers.