phrack 68, article 11

Interesting article in phrack))) I'd implement some sources

Another kernel patch for fork-exit with cgroups

Back to previous patch, I realize that I must handle move tasks from one group to another (this operation also change tasks file, so we want to take event about this)

debug trace in kernel

Recently I've patched do_fork() and need in some trace debug during fork(). But every process in linux starts with do_fork(), so I had tons of traces.

Patch linux kernel for add ability to send an event about do_fork()/do_exit()

Recently I have interesting question - how to create event about do_fork()/do_exit of group of processes, not any process but some of them. It's very useful, for example, when one want to create group of persistent processes (IDS/IPS), but sometimes software "fall" =) and system must restart it. So we can make cron script for checking PIDs, we can create N pthreads and then in each thread exec() new process, when wait4() it (when it falls re-exec it). The first solution lead in persistent scanning (each t-seconds we must to check even nothing happened), second solution no so scalable, bcoz we need 2N + 1 working processes for N persistent processes. Of course, it's not load system, each wait4() thread sleep and doesn't eat much cpu time. And I had create small kernel patch based on cgroups subsystem. Shortly, we push persistent processes to a special group and set userspace event handler. When process move out from this cgroup (when process do_exit() it's move out too) we catch event and restart this process.