2.6.3 Solution to Exercise: Using a Predicate to Control the Execution of an Action

The only change required to restrict the action to a single named executable is to add a predicate to the proc::_do_fork:create probe so that the action fires only when the forking process has that name, for example:

/execname == "bash"/

A more generic version of the program takes the value to check from a command-line argument instead. Because execname is a string, the argument has to be substituted as a quoted string, which is what the $$1 macro variable does (a plain $1 inserts the argument as a bare token, so execname == bash would fail to compile), for example:

/execname == $$1/
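A complete D script built around this predicate, added here as an example and not part of the tutorial's own solution. It assumes the script is saved as fork-by-name.d and run as dtrace -s fork-by-name.d bash, and that args[0] of the create probe is the child's psinfo_t, as documented for the proc provider.

```d
#pragma D option quiet

/* Report every process created by the parent named on the command line.
   $$1 substitutes the first argument as a quoted string, so the predicate
   compiles to a string comparison against execname. */

dtrace:::BEGIN
{
        printf("Tracing processes forked by %s ... Hit Ctrl-C to end.\n", $$1);
        forks = 0;
}

proc::_do_fork:create
/execname == $$1/
{
        /* args[0] is the psinfo_t of the newly created child process */
        printf("%s (PID %d) created child PID %d\n",
            execname, pid, args[0]->pr_pid);
        forks++;
}

dtrace:::END
{
        printf("%d process(es) created by %s\n", forks, $$1);
}
```

Running the script without an argument is an error, since $$1 then has nothing to expand to; supply the executable name every time.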