我可以伪装内核 uevent 吗？

Question

udevadm 触发器

1. 尝试一下

sudo udevadm trigger --verbose --action=remove --property-match='DEVNAME=/dev/sdd'

会触发一个/dev/sddremove uevent，内容为

remove@/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host13/target13:0:0/13:0:0:0/block/sdd
ACTION=remove
DEVPATH=/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host13/target13:0:0/13:0:0:0/block/sdd
SUBSYSTEM=block
MAJOR=8
MINOR=48
DEVNAME=sdd
DEVTYPE=disk
SEQNUM=12589

2.`strace`它

看看他服用什么剂量：

sudo strace udevadm trigger --verbose --action=remove --property-match='DEVNAME=/dev/sdd'
...
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 37), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc0596a7000
write(1, "/sys/devices/pci0000:00/0000:00:"..., 101/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host13/target13:0:0/13:0:0:0/block/sdd
) = 101
open("/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host13/target13:0:0/13:0:0:0/block/sdd/uevent", O_WRONLY) = 3
write(3, "remove", 6)                   = 6
close(3)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

3.总结

实际上，它只是

echo 'remove' | sudo tee /sys/block/sdd/uevent

这种方式仍然依赖于sysfs：

设备 sysfs 必须存在
无法完全自定义uevent消息体

sysfs uevent 文件：

cat /sys/block/sdd/uevent
MAJOR=8
MINOR=48
DEVNAME=sdd
DEVTYPE=disk

参考文献：
http://fibrevillage.com/sysadmin/93-udevadm-useage-examples http://arakilab.media.eng.hokudai.ac.jp/~msylw/2013/07/using-udev-to-trigger-events-in-example/

Answer 1

udevadm 触发器

1. 尝试一下

sudo udevadm trigger --verbose --action=remove --property-match='DEVNAME=/dev/sdd'

会触发一个/dev/sddremove uevent，内容为

remove@/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host13/target13:0:0/13:0:0:0/block/sdd
ACTION=remove
DEVPATH=/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host13/target13:0:0/13:0:0:0/block/sdd
SUBSYSTEM=block
MAJOR=8
MINOR=48
DEVNAME=sdd
DEVTYPE=disk
SEQNUM=12589

2.`strace`它

看看他服用什么剂量：

sudo strace udevadm trigger --verbose --action=remove --property-match='DEVNAME=/dev/sdd'
...
fstat(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 37), ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fc0596a7000
write(1, "/sys/devices/pci0000:00/0000:00:"..., 101/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host13/target13:0:0/13:0:0:0/block/sdd
) = 101
open("/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.2/1-1.2:1.0/host13/target13:0:0/13:0:0:0/block/sdd/uevent", O_WRONLY) = 3
write(3, "remove", 6)                   = 6
close(3)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

3.总结

实际上，它只是

echo 'remove' | sudo tee /sys/block/sdd/uevent

这种方式仍然依赖于sysfs：

设备 sysfs 必须存在
无法完全自定义uevent消息体

sysfs uevent 文件：

cat /sys/block/sdd/uevent
MAJOR=8
MINOR=48
DEVNAME=sdd
DEVTYPE=disk

参考文献：
http://fibrevillage.com/sysadmin/93-udevadm-useage-examples http://arakilab.media.eng.hokudai.ac.jp/~msylw/2013/07/using-udev-to-trigger-events-in-example/

我可以伪装内核 uevent 吗？

答案1

udevadm 触发器

1. 尝试一下

2.`strace`它

3.总结

相关内容

答案1

udevadm 触发器

1. 尝试一下

2.strace它

3.总结

相关内容

2.`strace`它