An autrace that follows forks

John D. Ramsdell ramsdell at mitre.org
Thu Oct 12 11:09:05 UTC 2006


James Antill <james.antill at redhat.com> writes:

> Note that although the FC5 kernel-headers package might well not be
> updated, it's very likely that FC5 already has a kernel that supports
> the PTRACE_O_ options[1]. So, personally, I'd just have something like:
> 
> #ifndef PTRACE_O_TRACEFORK
> # define PTRACE_O_TRACEFORK 0x00000002 /* from kernel-2.6.x */
> #endif

Ah, and also do the same for PTRACE_EVENT_FORK and PTRACE_GETEVENTMSG.
I'm guessing using these options makes it so that signals are only
sent when a process is forked, not at every system call.

I grep'd the kernel documentation directory but didn't find much of
interest on ptrace.  I haven't looked at the kernel sources yet.
Googling on PTRACE_EVENT_FORK and the like keeps leading me to GDB, so
I plan to look at the sources.

http://www.cygwin.com/ml/gdb-patches/2003-08/msg00274.html

Thanks for your help.

John
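
The fallback definitions discussed above, put to use in a minimal tracer. This is an added example, not part of the original message or of autrace: it sets PTRACE_O_TRACEFORK on a child, resumes it with PTRACE_CONT, and reads the new process's pid at the PTRACE_EVENT_FORK stop with PTRACE_GETEVENTMSG. The names `follow_one_fork` and `reap` are hypothetical; the fallback values are those of the Linux 2.6 ptrace ABI, and PTRACE_SETOPTIONS is assumed to come from the system's `<sys/ptrace.h>`.

```c
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks for old kernel-headers; values are from the Linux 2.6 ptrace ABI. */
#ifndef PTRACE_O_TRACEFORK
# define PTRACE_O_TRACEFORK 0x00000002
#endif
#ifndef PTRACE_EVENT_FORK
# define PTRACE_EVENT_FORK 1
#endif
#ifndef PTRACE_GETEVENTMSG
# define PTRACE_GETEVENTMSG 0x4201
#endif

/* Hypothetical helper: kill and reap a tracee. */
static void reap(pid_t pid) { int s; kill(pid, SIGKILL); waitpid(pid, &s, 0); }
/* Hypothetical demo. Returns 1 if a fork event named a new, already-traced
 * process, 0 if no fork event arrived, -1 if tracing could not be set up. */
int follow_one_fork(void)
{
    int status, ok = 0;
    unsigned long msg = 0;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) {                          /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(2);
        raise(SIGSTOP);                        /* wait for the tracer's options */
        if (fork() == 0) _exit(0);             /* the fork to be followed */
        _exit(0);
    }
    if (waitpid(child, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;
    if (ptrace(PTRACE_SETOPTIONS, child, NULL, (void *)(long)PTRACE_O_TRACEFORK) < 0) {
        reap(child);
        return -1;
    }
    ptrace(PTRACE_CONT, child, NULL, NULL);    /* no per-syscall stops requested */
    /* A fork event is a SIGTRAP stop with the event code in the next byte up. */
    if (waitpid(child, &status, 0) == child && WIFSTOPPED(status) &&
        (status >> 8) == (SIGTRAP | (PTRACE_EVENT_FORK << 8)) &&
        ptrace(PTRACE_GETEVENTMSG, child, NULL, &msg) == 0) {
        pid_t newpid = (pid_t)msg;             /* traced from birth, starts stopped */
        ok = newpid > 0 && waitpid(newpid, &status, 0) == newpid && WIFSTOPPED(status);
        if (ok) reap(newpid);
    }
    reap(child);
    return ok;
}
```

Call `follow_one_fork()` from a `main`; it returns -1 where ptrace is refused, for example in a restricted container.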




More information about the Linux-audit mailing list