On 12/16/21 12:19, Noveljic Nenad
wrote:
Is there a kernel structure which stores command line arguments in Linux?
task_struct has comm, which contains only the program name.
I’m aware of the following possibilities, but they are inconvenient for my purpose:
- Reading /proc/PID files
- Capturing the second parameter of execve, which is the pointer to the array where the parameters are stored.
I’m trying to enrich the exitsnoop.py BCC script.
There is a file /proc/cmdline:
cat /proc/cmdline
BOOT_IMAGE=(hd0,gpt4)/boot/vmlinuz-5.15.7-200.fc35.x86_64
root=UUID=4f86ab79-7c07-4fdb-9153-407d69514f67 ro
rd.driver.blacklist=nouveau modprobe.blacklist=nouveau
nvidia-drm.modeset=0 selinux=0 iommu=pt
nvme_core.default_ps_max_latency_us=5500 delayacct rhgb quiet
-- Mladen Gogala Database Consultant Tel: (347) 321-1217 https://dbwhisperer.wordpress.com-- //www.freelists.org/webpage/oracle-l