Re: [Announce] Non Invasive Kernel Monitor for threads/processes

[Chris Wright]

* Atul Sabharwal (atul_sabharwal@xxxxxxxxxxxxxxxxxx) wrote:
> We have been working with a solution for non-intrusively trapping on lifetime
> of processes/threads. This is useful for management applications running in
> telecom and enterprise data centers that need to monitor a set of threads/
> processes.
> 
> Project Goal::
> ~~~~~~~~~~~~~~
> To create a kernel patch that  shall support methods to non-intrusively monitor
> processes/threads at the kernel level.  It would use a notfication mechanism in
> the kernel that allows registration of events of interest regarding processes/
> threads.  Events of interest could be the following : Process creation (fork), 
> Process exit(exit), Process calls(exec), thread creation & thread exit. 

These spots are already hooked via LSM and audit (the latter is capable
of communicating such events to userspace via netfilter) Was that not
sufficient somehow?  In fact, the netfilter queuing will probably fair
better than sigqueue which fairly limited.  Might be worth looking into
that.  Did you look at the task ornament patch floating about from David
Howells?  If new code is needed, that patch looks more generically useful.

thanks,
-chris
-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/