An autrace that follows forks
James Antill
james.antill at redhat.com
Wed Oct 11 20:55:30 UTC 2006
On Wed, 2006-10-11 at 16:06 -0400, John D. Ramsdell wrote:
> Last summer, someone else in my company made a simple version of a
> fork following tracer based on the audit library; however it does not
> compile on my FC5 machine. The reason is he was including the
> kernel's headers for ptrace, which defines PTRACE_O_TRACEFORK and
> other symbols not part of the standard ptrace header. I don't like
> the idea of requiring kernel headers to compile the extended version
> autrace.
Note that although the FC5 kernel-headers package might well not be
updated, it's very likely that FC5 already has a kernel that supports
the PTRACE_O_ options[1]. So, personally, I'd just have something like:

#ifndef PTRACE_O_TRACEFORK
# define PTRACE_O_TRACEFORK 0x00000002 /* from kernel-2.6.x */
#endif

...and assuming you handle the error return from PTRACE_SETOPTIONS, it
should mostly just work on all relevant systems.
[1] git-annotate says that flag was added on: 2005-04-16 15:20:36
--
James Antill - <james.antill at redhat.com>
setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...);
setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...);
setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, ...);
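
The suggestion in the message above, as an added C example (not code from the original message or from autrace): the fallback define, a checked PTRACE_SETOPTIONS call, and recognition of the resulting fork stop. The function names, the PTRACE_EVENT_FORK fallback and the demo tracee are assumptions of this example.

```c
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks for headers that lag the kernel; keep them after the #include. */
#ifndef PTRACE_O_TRACEFORK
# define PTRACE_O_TRACEFORK 0x00000002 /* from kernel-2.6.x */
#endif
#ifndef PTRACE_EVENT_FORK
# define PTRACE_EVENT_FORK 1
#endif

/* 1 = kernel accepted the option, 0 = rejected (trace this process only). */
static int enable_fork_following(pid_t pid)
{
    return ptrace(PTRACE_SETOPTIONS, pid, NULL, (void *)(long)PTRACE_O_TRACEFORK) != -1;
}

/* A fork stop arrives as SIGTRAP with the event code in the next byte. */
static int is_fork_event(int status)
{
    return WIFSTOPPED(status) && (status >> 8) == (SIGTRAP | (PTRACE_EVENT_FORK << 8));
}

/* Constructed demo. 1 = fork event seen, 0 = option rejected, -1 = no tracing. */
static int demo_follow_fork(void)
{
    int status = 0, result;
    unsigned long newpid = 0;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {                          /* tracee */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == 0 && raise(SIGSTOP) == 0)
            fork();                          /* the event being followed */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFSTOPPED(status)) return -1;
    result = enable_fork_following(pid);
    if (result == 1) {
        ptrace(PTRACE_CONT, pid, NULL, NULL);
        result = (waitpid(pid, &status, 0) == pid && is_fork_event(status)) ? 1 : -1;
        if (result == 1 && ptrace(PTRACE_GETEVENTMSG, pid, NULL, &newpid) == 0)
            kill((pid_t)newpid, SIGKILL);    /* do not leave the new tracee behind */
    }
    kill(pid, SIGKILL);
    waitpid(pid, &status, 0);
    return result;
}
int main(void) { return demo_follow_fork() < 0; }
```
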