Re: [RFC] "biological parent" pid

[Tim Schmielau]

On Tue, 1 Feb 2005, Bernd Eckenfels wrote:

> In article <Pine.LNX.4.53.0501311923440.18039@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> you wrote:
> > I am not aware of concepts in Linux or other unices that apply to this
> > case.
> 
> Normal process accounting.

Sure. That's what the patch was made for. Or do you have anything else
in mind than BSD accounting?

> If you want to keep the pid of the bio-parent, you also need to keep the
> start-time to make it unique.

Yes, that's what I wrote: A process would be uniquely identified by the
(btime, pid) pair, in terms of BSD accounting field names. Or
(start_time, pid), if we use the names of task_struct members.

> Better would be to have a all-time-unqiue process handle.

Yes, but that would need new infrastructure. So instead of assigning new
64 bit process handles, we can just just that pair of 32 bit variables.

> But I think it is better to not have that field, but use
> audit logs. That is especially needed if you want to track chains, because
> it doesnt help you to know the bio parent if you have no idea what that was.

That's the kind of comment I was actually seeking - maybe what I'm trying 
is not really worth because anyone interested in its reliability and 
security would use auditing anyways.

But still it might be useful for 'home use', because I do have an idea of 
what the parent was if I keep the BSD accounting records.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/