On my Linux system, I have wrapped an executable to diagnose its invocations.
However, the executable is provided by a Linux package, so things may go wrong when the system tries to upgrade the package: either the package manager will notice that the file has the wrong contents and refuse to upgrade, or it won't and my wrapper will be gone. The system uses automatic nightly upgrades, so I can't intervene to prevent this.
So it would be nice to achieve the effect of wrapping the executable without actually wrapping it. This would require a notification mechanism that can be configured to call a specified executable (my wrapper) whenever the target executable (and only that executable) is called.
Does such a mechanism exist? Can you tell me how to use it to achieve this?
The following don't seem to fit the bill:
- auditd: doesn't log the information I need
- inotify: unreliable, asynchronous, and unable to call an executable
- wrapping
exec*()withLD_PRELOAD: too invasive, I want to leave all calls alone except the ones to this executable - SystemTap: black magic, baroque, I need something much simpler
What am I overlooking?
