New release, lots of goodies, including:
* Added sctrace, an experimental strace(1) compatible tool based on
the syscalltrack framework. 'sctrace command' or 'sctrace -p pid'
will load rules matching the given executable (or pid) for all
supported system calls and log their invocation to the log file (or
* Experimental logging device file, /dev/sct_log, and a utility to
control its behaviour, sct_logctrl. syscalltrack can now log system
call invocation either to syslog or directly to a device
file. Note that the format of information logged to the device file
will change in future versions (from text based to a binary
* Fixed a bug in the automatic code generated for system call stubs
for system calls which have a pointer parameter. This bug exists in
older syscalltrack versions and while it's harmless, users are still
encouraged to upgrade.
* Fixed a bug in the kernel module reference counting code when
deleting a single rule. This code path wasn't in use until
* Fix wrong usage of size_t and other portability cleanups. Fix
strstream/stringstream usage to work with gcc versions before 3 and
* Support all of the IPC system calls (contributed by Gilad
* More new syscalls: execve, statfs, fstatfs, newstat, newlstat,
newfstat, getrusage, getgroups16, old_readdir and old_mmap.
* A proof-of-concept GUI tool, gtksct(1).
* New man pages, courtesy of Baruch Even for the Debian package of