Hi,
I have an requirement of logging program's name with time stamp on
its exit. My preference would be to trap in kernel. Can't change
source code, I have to achieve it using modules.
--
Regards,
Dang
A newbie's suggestion, so please correct me.
You can identify the process whos exit time you want to log, by passing the pid of the process to your kernel module. WIth pid you can obtain the task_struct of your process by
find_task_by_pid(pid).
1. do_exit() sets the PF_EXITING flag of a process in task_struct->flags, marking it as an exiting process. So, in case you have the liberty to change kernel source, you can change do_exit() to signal a wait_queue(on which your module is waiting) to denote the exit of the process .
(else)
2. you can poll by reading if PF_EXITING is set in task_struct->flags field.
Will any of these work in your case. Please let me know.
rgds
Arun
--
"There are 10 people in the world - those who understand binary and those who dont !"
