Hi, >>> Signed-off-by: Vishal Goel <vishal.g...@samsung.com> > > What test case do you have that generates these records?
Test case for 1st log:- void main(int argc,char *argv[]) { int pid; if (argc < 2) { printf("enter pid of the tracee process\n"); exit(0); } pid = atoi(argv[1]); fprintf(stderr,"Inside\n"); ptrace(PTRACE_ATTACH, pid,NULL,NULL); while(1) { sleep(10); } } Test case for 2nd log:- void main(int argc,char *argv[]) { int pid; pid = getpid(); fprintf(stderr,"Inside\n"); ptrace(PTRACE_TRACEME, pid,NULL,NULL); while(1) { sleep(10); } } Test case for 3rd log:- void main() { int pid; char *argv[2]; fprintf(stderr,"Inside\n"); pid = fork(); if(pid == 0) { argv[0] = "/tst_pt"; argv[1] = NULL; if(ptrace(PTRACE_TRACEME, pid,NULL,NULL)) printf("attached child\n"); printf("going for exec\n"); execv("/tst_pt",argv); } else { while(1) { sleep(10); } } } >> >> Added linux-audit to the CC list. >> Thanks Vishal Goel -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit