[Systrace] linux systrace implementation and the -p option
Johannes Nicolai
johannes.nicolai at hpi.uni-potsdam.de
Fri Jul 8 10:39:13 EDT 2005
If I use the -p option to attach to a running process under linux, systrace
will not report any system call of the running process and the name of the
executable will be silently ignored.
In the moment, where the running process will execute a new programm (exec
system call), systrace will monitor every system call of the new process and
will store the decisions in a policy file named by the new executable even
when the -i flag was given at start.
I am not sure whether this behavior is the expected one or if I have found a
bug.
Regards
Johannes Nicolai
More information about the systrace
mailing list