connector: add an event for monitoring process tracers

This change adds a procfs connector event, which is emitted on every
successful process tracer attach or detach.

If some process connects to other one, kernelspace connector reports
process id and thread group id of both these involved processes. On
disconnection null process id is returned.

Such an event allows to create a simple automated userspace mechanism
to be aware about processes connecting to others, therefore predefined
process policies can be applied to them if needed.

Note, a detach signal is emitted only in case, if a tracer process
explicitly executes PTRACE_DETACH request. In other cases like tracee
or tracer exit detach event from proc connector is not reported.

Signed-off-by: Vladimir Zapolskiy <vzapolskiy@gmail.com>
Acked-by: Evgeniy Polyakov <zbr@ioremap.net>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Oleg Nesterov <oleg@redhat.com>

1 files changed, 6 insertions, 1 deletions

diff --git a/kernel/ptrace.c b/kernel/ptrace.c
index d7ccc79454f5..9de3ecfd20f9 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -23,6 +23,7 @@
 #include <linux/uaccess.h>
 #include <linux/regset.h>
 #include <linux/hw_breakpoint.h>
+#include <linux/cn_proc.h>
 
 
 static int ptrace_trapping_sleep_fn(void *flags)
@@ -305,9 +306,12 @@ unlock_tasklist:
 unlock_creds:
         mutex_unlock(&task->signal->cred_guard_mutex);
 out:
-        if (!retval)
+        if (!retval) {
                 wait_on_bit(&task->jobctl, JOBCTL_TRAPPING_BIT,
                             ptrace_trapping_sleep_fn, TASK_UNINTERRUPTIBLE);
+                proc_ptrace_connector(task, PTRACE_ATTACH);
+        }
+
         return retval;
 }
 
@@ -415,6 +419,7 @@ static int ptrace_detach(struct task_struct *child, unsigned int data)
         }
         write_unlock_irq(&tasklist_lock);
 
+        proc_ptrace_connector(child, PTRACE_DETACH);
         if (unlikely(dead))
                 release_task(child);