I have to solve this problem:
We want a process to monitor another random process, e.g, whether
it's alive or not, if it issues a system call fork, the tracing process
should be notified and be provided with the return value of fork, then it
can monitor the child process as well.
The restriction is:
We don't want to use ptrace, since, we only want to capture one
system call, if we use ptrace, we have to capture every syscall, this
results in undesirable overhead.
We want to run the monitoring process as user privilege, and we'd
like to leave the underlying system as it is, that is, we don't want to
modify it.
Would someone please give me some directions?
As in Solaris, we could use its /proc fs, we can use ioctl(procfd,
request, ...) to control a the traced process, e.g., let the monitored
process stop before executing fork, at this point, the tracing process is
waked up, and can use the /proc fs to extract some information, like why
the traced process stop, etc. Does any one know how to do it in Linux? In
Solaris there is a file procfs.h containing some definition and data
structure we could use. I looked at the procfs.h in Redhat Linux 4.2,
it's totally different.
And someone told me, /proc fs in Linux is totally different from
that in Solaris.
But, anyway, if I can't use /proc in Linux, is there a way to do
this?
Thanks,
Yuanyuan