Is it possible to receive a notification (via a callback or the like) when a new process is running, when it is closed, and when the state changes (i.e., stopped, unloaded, etc.)? In user space, it would be easy to configure a directory listener on /proc.
Have you considered kprobes? You can use kprobes to execute a callback function when some kernel code is executed. For example, you can add a do_fork kprobe to notify you of new processes, as in this example.
Similarly, you can add a probe for do_exit() to catch when the processes are complete.
For state changes, you can have a return probe on sched_switch() and catch when the state changes. Depending on your application, this may add too much overhead.
If you only want to collect data, do some light processing and don't want to do more with the kernel module, systemtap can be a good alternative to writing a kernel module: https://sourceware.org/systemtap/documentation.html
More on kprobes: https://www.kernel.org/doc/Documentation/kprobes.txt
sched_switch() SystemTap example: https://sourceware.org/systemtap/examples/profiling/sched_switch.stp
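The SystemTap route suggested in the answer, sketched as an added example (not code from the original answer or from the SystemTap project): it uses the `kprocess.*` and `scheduler.ctxswitch` tapset probes instead of raw kprobes on do_fork/do_exit, and reports a state change only when a task leaves the CPU in a different state than last time, which keeps the output volume down. It assumes `stap` and matching kernel debug information are installed and that it is run as root.

```systemtap
#!/usr/bin/stap
# Added example: process lifecycle events for monitoring/telemetry.

global last_state   # tid -> task state last seen when the task left the CPU

# Low task-state bits as defined in the kernel's include/linux/sched.h
function state_name:string(s:long)
{
  if (s == 0) return "runnable (preempted)"
  if (s & 1)  return "sleeping (interruptible)"
  if (s & 2)  return "sleeping (uninterruptible)"
  if (s & 4)  return "stopped"
  if (s & 8)  return "traced"
  return sprintf("other (0x%x)", s)
}

# New process or thread; fires in the parent's context after a successful fork
probe kprocess.create
{
  printf("%d CREATE parent=%d (%s) child_pid=%d child_tid=%d\n",
         gettimeofday_ms(), pid(), execname(), new_pid, new_tid)
}

# Task is exiting; 'code' is the exit code supplied by the tapset
probe kprocess.exit
{
  printf("%d EXIT   pid=%d tid=%d (%s) code=%d\n",
         gettimeofday_ms(), pid(), tid(), execname(), code)
}

# Task structure released: drop its entry so the map does not fill up
probe kprocess.release
{
  delete last_state[released_tid]
}

# Context switch: print only when the outgoing task's state has changed.
# A missing map entry reads as 0, so a first preemption while runnable is silent.
probe scheduler.ctxswitch
{
  if (last_state[prev_tid] != prevtsk_state) {
    last_state[prev_tid] = prevtsk_state
    printf("%d STATE  pid=%d tid=%d (%s) -> %s\n", gettimeofday_ms(),
           prev_pid, prev_tid, prev_task_name, state_name(prevtsk_state))
  }
}
```

The context-switch probe fires on every switch on every CPU, so on a busy host the overhead the answer warns about still applies; dropping that probe leaves only the create and exit events.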
Source: https://habr.com/ru/post/1204202/