Add support for dynamically adding forked processes to the active pid list #18
Labels
enhancement
New feature or request
Comments
alessandrogario
changed the title
|
Any idea for this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Ebpfault does not inject child process of a program. If an application creates a fork and this fork open a file, ebpfault will not catch the event. Example:
bash -c "echo 'create file to read from: /mnt/data/disk-read-file' && dd if=/dev/zero of=/mnt/data/disk-read-file bs=10k count=1; while true; do time dd if=/mnt/data/disk-read-file of=/dev/null iflag=direct; sleep 1; done"The previous command will not be impacted by ebpfault because the dd command will be executed in a child process:
strace -e trace=openat -p xxx --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16039, si_uid=0, si_status=0, si_utime=0, si_stime=1} --- --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=16042, si_uid=0, si_status=0, si_utime=1, si_stime=0} ---Do you think we can implement this feature (We could add a flag like
-f --follow)?The text was updated successfully, but these errors were encountered: