Re: Abnormal End of Processes
On Wed, Apr 18, 2007 at 12:09:50PM -0400, Steve Grubb wrote:
Hi,
I have been working on some code that detects abnormal events based on
audit system events. One kind of event that we currently have no visibility for is
when a program terminates due to segfault - which should never happen on a
production machine. And if it did, you'd want to investigate it. Attached is a
patch that collects these events and sends them into the audit system.
Signed-off-by: Steve Grubb <sgrubb(a)redhat.com>
I'd suggest taking that into a separate function somewhere in kernel/audit*.c;
no need to clutter fs/exec.c with it. Leave if (unlikely(audit_enabled)) in
inlined wrapper as usual, pass signr as argument...