Since all processes are forked out of some already existing process, I guess you can place a hook in the implementation of fork. Maybe inside kernel/sched.c. Similarly, look for the function which cleans up the process information when it gets over; that should be the place to put in the other hook. You can also place hooks in sched.c to log the information when a process is scheduled in and out.

On Wed, Nov 5, 2008 at 2:01 PM, Jonathan 'Arrouan' ROUZAUD-CORNABAS <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I'm developing a kernel module that will monitor struct (or something
> else) to generate event (or traces) when a process is over (i.e. its PID
> disappears from the PID/PPID tree). Currently, I can do that by
> monitoring the /proc directory but I am looking for a more robust (and
> kernel side) way to do it.
>
> I don't know where to start, hooking some functions in procfs? Or
> something similar already exists? Or ...?
>
> I'm open to any solutions.
>
> Thanks in advance
>
> PS: If I need SELinux or GRSecurity/PaX to do that, it is not an issue.

--
http://linuxexplained.blogspot.com
