• Vladimir Zapolskiy's avatar
    connector: add an event for monitoring process tracers · f701e5b7
    Vladimir Zapolskiy authored
    This change adds a procfs connector event, which is emitted on every
    successful process tracer attach or detach.
    
    If some process connects to other one, kernelspace connector reports
    process id and thread group id of both these involved processes. On
    disconnection null process id is returned.
    
    Such an event allows to create a simple automated userspace mechanism
    to be aware about processes connecting to others, therefore predefined
    process policies can be applied to them if needed.
    
    Note, a detach signal is emitted only in case, if a tracer process
    explicitly executes PTRACE_DETACH request. In other cases like tracee
    or tracer exit detach event from proc connector is not reported.
    Signed-off-by: default avatarVladimir Zapolskiy <vzapolskiy@gmail.com>
    Acked-by: default avatarEvgeniy Polyakov <zbr@ioremap.net>
    Cc: David S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
    f701e5b7
cn_proc.c 8.67 KB