PyTalpa, Version 0.1
====================

PyTalpa, version 0.1 (c) Bifferos, see COPYING


FAQ
---

What is PyTalpa?
 This is really just a dirty hack at the moment to see how 
 Python could be used as a file system operation interceptor.  
 You derive a class from pytalpa.talpa and create methods for 
 the operations you're interested in.

What is Talpa?
 Talpa is part of the Sophos Anti-Virus scanner for Linux.
 It is a kernel driver which intercepts (at the kernel level)
 access to the file system, and allows a userland vetting 
 client to allow or deny the operation.

Where can I get Talpa?
 Talpa is obtainable from the Sophos Anti-Virus for Linux 
 product. You can obtain a demo copy from http://www.sophos.com.  
 The tarball contains the Talpa source (in talpa-srcpack.tar) 
 which is itself GPLed, even though the rest of the product is 
 non-free.  Once you have the demo the GPL allows you unrestricted 
 use of the GPLed parts, i.e. Talpa.  You can also download the 
 `Slackware package <../packages>`_ I made.

 
Quickstart
----------

These instructions apply to kernel 2.6.17.13, Slackware 11.0.  
2.6.18 is not supported by Talpa at all.  Earlier kernels 
should work, but you'll need to experiment with which 
modules to load. A good approach would be to see which 
modules SAV (Sophos Anti-Virus) loads.

1) Unpack the talpa source pack and build it::
 
    cd /usr/src
    tar xzf /opt/sophos-av/talpa/talpa-srcpack.tgz
    cd talpa-1.1.0
    ./configure
    make

   **or**

   Get the slackware package and install it.


3) I had to remove the capability module from my kernel, or
   I got an error loading one of the modules::

    rmmod capability

4) Load the Talpa modules::
   
    insmod talpa_linux.ko
    insmod talpa_core.ko
    insmod talpa_vcdevice.ko
    insmod talpa_lsm.ko capabilities=1

5) Set up the exclusions so we get all the events::

    echo disable > /proc/sys/talpa/intercept-filters/OperationExclusionProcessor/status

6) Enable the interception events::

    echo enable > /proc/sys/talpa/interceptors/LSMInterceptor/status

7) Download `PyTalpa <PyTalpa-0.1.tar.gz>`_.

8) Compile PyTalpa::

    tar xvf PyTalpa-0.1.tar.gz
    cd PyTalpa-0.1
    python setup.py build
    cp build/*/pytalpa.so .
    ./test.py

   While running test.py create a file called
   SomeUniqueName.txt in another terminal. You should find that
   you can create it but not append anything to it.
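
A preflight check for steps 3 to 6, useful before starting test.py. This is an added example, not part of PyTalpa or Talpa; the function names ``talpa_preflight`` and ``make_sample_proc`` are hypothetical, and the sample tree is constructed so the check can be tried on a machine without Talpa.

```shell
#!/bin/sh
# Added example, not part of PyTalpa or Talpa.
# talpa_preflight [PROC_ROOT]: prints findings, returns the number of problems.
talpa_preflight() {
    root=${1:-/proc}
    problems=0
    # /proc/modules has one loaded module per line, name in the first column.
    for mod in talpa_linux talpa_core talpa_vcdevice talpa_lsm; do
        if ! grep -q "^$mod " "$root/modules" 2>/dev/null; then
            echo "missing module: $mod (step 4)"
            problems=$((problems + 1))
        fi
    done
    # Step 3 removes the capability module before the Talpa modules are loaded.
    if grep -q "^capability " "$root/modules" 2>/dev/null; then
        echo "capability module is loaded (step 3)"
        problems=$((problems + 1))
    fi
    # Steps 5 and 6 write to these files; print what each one currently holds.
    for f in sys/talpa/intercept-filters/OperationExclusionProcessor/status \
             sys/talpa/interceptors/LSMInterceptor/status; do
        if [ -r "$root/$f" ]; then
            echo "$f: $(cat "$root/$f")"
        else
            echo "missing status file: $f"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Constructed stand-in for /proc (values are made up, not from a real system),
# so the check can be tried without the Talpa modules loaded.
make_sample_proc() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/talpa/intercept-filters/OperationExclusionProcessor" \
             "$d/sys/talpa/interceptors/LSMInterceptor"
    for mod in talpa_lsm talpa_vcdevice talpa_core talpa_linux; do
        echo "$mod 10000 0 - Live 0x00000000"
    done > "$d/modules"
    echo disable > "$d/sys/talpa/intercept-filters/OperationExclusionProcessor/status"
    echo enable > "$d/sys/talpa/interceptors/LSMInterceptor/status"
    echo "$d"
}
```

Call ``talpa_preflight`` with no argument to check the live /proc; a non-zero exit status is the number of problems found.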


Have fun!


BUGS
----

On shutdown of the vetting loop there's a segfault.  I really
can't be bothered to track this one down - patches welcome!

bifferos @ yahoo-dot-co-dot-uk.

