Date: Sun, 27 Oct 2002 01:04:29 -0700 From: Juli Mallett <jmallett@FreeBSD.org> To: Maxim Sobolev <sobomax@FreeBSD.ORG> Cc: Nate Lawson <nate@root.org>, jlemon@FreeBSD.ORG, hackers@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: New kevent types: NOTE_STARTEXEC and NOTE_STOPEXEC Message-ID: <20021027010429.A90908@FreeBSD.org> In-Reply-To: <20021027075043.GA36533@vega.vega.com>; from sobomax@FreeBSD.ORG on Sun, Oct 27, 2002 at 09:50:43AM %2B0200 References: <3DB79DFA.FA719B8F@FreeBSD.org> <Pine.BSF.4.21.0210261715520.78755-100000@root.org> <20021027075043.GA36533@vega.vega.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* De: Maxim Sobolev <sobomax@FreeBSD.ORG> [ Data: 2002-10-27 ]
[ Subjecte: Re: New kevent types: NOTE_STARTEXEC and NOTE_STOPEXEC ]
> On Sat, Oct 26, 2002 at 06:09:31PM -0700, Nate Lawson wrote:
> > On Thu, 24 Oct 2002, Maxim Sobolev wrote:
> > > Please review the patch, which adds two new types of events -
> > > NOTE_STARTEXEC and NOTE_STOPEXEC, that could be used to get
> > > notification when the image starts or stops executing. For example, it
> > > could be used to monitor that a daemon is up and running and notify
> > > administrator when for some reason in exits. I am running this code
> > > for more than a year now without any problems.
> > >
> > > Any comments and suggestions are welcome.
> >
> > Couldn't this just be done by init(8) and /etc/ttys? Or inetd? If you
> > want to write your own, couldn't you use waitpid()? Or a kevent() of
> > EVFILT_PROC with NOTE_EXIT/NOTE_FORK? I'm not sure I see the need for
> > this.
>
> EVFILT_PROC operates on pids, while NOTE_{START,STOP}EXEC operate on
> vnodes - it is the main difference. Currently, you can't reliably
> get a notification when kernes started executing some arbitrary
> executable from your fs.
This is not a job for the kernel, I don't think. Implement it in userland
in terms of having the daemon write to a pidfile at startup, and have SIGUSR1
make it tell the sender it's alive (using my sigq stuff this is trivial, just
send SIGUSR2 back), and periodically read the pidfile and try to communciate
with the daemon, and respawn it if it fails. This could be racey if done
poorly. However if you want this for *any* executable, rather than just
"some arbitrary executable" rather than some specific job, then while I wonder
how useful it is in a generic concept, the kq solution might be more
reasonable.
Juli Mallett <jmallett@FreeBSD.org> | FreeBSD: The Power To Serve
Will break world for fulltime employment. | finger jmallett@FreeBSD.org
http://people.FreeBSD.org/~jmallett/ | Support my FreeBSD hacking!
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021027010429.A90908>