On Wed, 2006-10-11 at 16:06 -0400, John D. Ramsdell wrote: > Last summer, someone else in my company made a simple version of a > fork following tracer based on the audit library; however it does not > compile on my FC5 machine. The reason is he was including the > kernel's headers for ptrace, which defines PTRACE_O_TRACEFORK and > other symbols not part of the standard ptrace header. I don't like > the idea of requiring kernel headers to compile the extended version > autrace.
Note that although the FC5 kernel-headers package might well not be updated, it's very likely that FC5 already has a kernel that supports the PTRACE_O_ options[1]. So, personally, I'd just have something like: #ifndef PTRACE_O_TRACEFORK # define PTRACE_O_TRACEFORK 0x00000002 /* from kernel-2.6.x */ #endif ...and assuming you handle the error return from PTRACE_SETOPTIONS, it should mostly just work on all relevant systems. [1] git-annotate says that flag was added on: 2005-04-16 15:20:36 -- James Antill - <[EMAIL PROTECTED]> setsockopt(fd, IPPROTO_TCP, TCP_CONGESTION, ...); setsockopt(fd, IPPROTO_TCP, TCP_DEFER_ACCEPT, ...); setsockopt(fd, SOL_SOCKET, SO_ATTACH_FILTER, ...);
signature.asc
Description: This is a digitally signed message part
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
