As I known, BSD process audit only can be done inside a process, and audit result is just visible afterit breaks ABI because this structure is communicated to userspace, andMany structures exported to user space in kernel are undergoing some change, A good application shouldn't count on invariability forever,
you change both the layout and the size of it. What else would ABI
mean??
My test application hasn't any problem before change and after change.
this is absolutely incorrect. This is an ABI that cannot change in any
incompatible way.
but... what makes you think it's not a kernel thread such as kjournald?you can get values of these fields without any problem for kernel thread although they are useless.
(which have basically meaningless current)
exactly
there is no "full path name" concept in linux like that. And even worse,For this case you said, this patch has now way really, do you have a good way to handle this case?
many processes will not have *any* path because they have been deleted,
especially the viruses will use this ;)
it sounds that what you want to achieve is broken in the first place...
(or should use audit etc)