Diffstat (limited to 'src/firemon/procevent.c')
-rw-r--r-- | src/firemon/procevent.c | 57 |
1 files changed, 47 insertions, 10 deletions
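--- a/src/firemon/procevent.c
+++ b/src/firemon/procevent.c
@@ -301,7 +301,9 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 proc_ev = (struct proc_event *)cn_msg->data;
 pid_t pid = 0;
 pid_t child = 0;
+char *new_comm = NULL;
 int remove_pid = 0;
+int nodisplay = 0;
 switch (proc_ev->what) {
 case PROC_EVENT_FORK:
 #ifdef DEBUG_PRCTL
@@ -322,6 +324,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 pids[child].parent = pid;
 }
 sprintf(lineptr, " fork");
+nodisplay = 1;
 break;
 case PROC_EVENT_EXEC:
 pid = proc_ev->event_data.exec.process_tgid;
@@ -363,6 +366,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 sprintf(lineptr, " uid (%d:%d)",
 proc_ev->event_data.id.r.ruid,
 proc_ev->event_data.id.e.euid);
+nodisplay = 1;
 break;
 
 case PROC_EVENT_GID:
@@ -379,6 +383,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 sprintf(lineptr, " gid (%d:%d)",
 proc_ev->event_data.id.r.rgid,
 proc_ev->event_data.id.e.egid);
+nodisplay = 1;
 break;
 
 
@@ -391,6 +396,41 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 sprintf(lineptr, " sid ");
 break;
 
+case PROC_EVENT_COREDUMP:
+pid = proc_ev->event_data.coredump.process_tgid;
+#ifdef DEBUG_PRCTL
+printf("%s: %d, event coredump, pid %d\n", __FUNCTION__, __LINE__, pid);
+#endif
+sprintf(lineptr, " coredump ");
+break;
+
+case PROC_EVENT_COMM:
+pid = proc_ev->event_data.comm.process_tgid;
+#ifdef DEBUG_PRCTL
+printf("%s: %d, event comm, pid %d\n", __FUNCTION__, __LINE__, pid);
+#endif
+if (proc_ev->event_data.comm.process_pid !=
+proc_ev->event_data.comm.process_tgid)
+continue; // this is a thread, not a process
+
+if (pids[pid].level == 1 ||
+pids[pids[pid].parent].level == 1) {
+sprintf(lineptr, "\n");
+continue;
+}
+else
+sprintf(lineptr, " comm %s", proc_ev->event_data.comm.comm);
+nodisplay = 1;
+break;
+
+case PROC_EVENT_PTRACE:
+pid = proc_ev->event_data.ptrace.process_tgid;
+#ifdef DEBUG_PRCTL
+printf("%s: %d, event ptrace, pid %d\n", __FUNCTION__, __LINE__, pid);
+#endif
+sprintf(lineptr, " ptrace ");
+break;
+
 default:
 #ifdef DEBUG_PRCTL
 printf("%s: %d, event unknown\n", __FUNCTION__, __LINE__);
@@ -449,7 +489,7 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 if (!cmd) {
 cmd = pid_proc_cmdline(pid);
 }
-if (cmd == NULL)
+if (cmd == NULL || nodisplay)
 sprintf(lineptr, "\n");
 else {
 sprintf(lineptr, " %s\n", cmd);
@@ -473,15 +513,12 @@ static void __attribute__((noreturn)) procevent_monitor(const int sock, pid_t my
 }
 
 // print forked child
-if (child) {
-cmd = pid_proc_cmdline(child);
-if (cmd) {
-printf("\tchild %u %s\n", child, cmd);
-free(cmd);
-}
-else
-printf("\tchild %u\n", child);
-}
+if (child)
+printf("\tchild %u\n", child);
+
+// print new comm
+if (new_comm)
+printf("\tnew comm %s\n", new_comm);
 
 // on uid events the uid is changing
 if (proc_ev->what == PROC_EVENT_UID) {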
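Review bot: In the new PROC_EVENT_COMM case the process name is written into the line with an unbounded `%s`, and that name is chosen by the monitored process itself. It should be length-bounded and, ideally, stripped of non-printable bytes before it reaches the operator's terminal; a minimal bound is `sprintf(lineptr, " comm %.*s", (int)sizeof(proc_ev->event_data.comm.comm), proc_ev->event_data.comm.comm);`. The same case indexes `pids[pid]` and `pids[pids[pid].parent]` with no range check visible in the hunk; if the earlier cases guard against the table size, this one should too. Separately, `new_comm` is declared and printed in the last hunk but none of the added lines assigns it, so `if (new_comm)` can never be true as committed; either set it in the COMM case or drop it. procevent_monitor starts and ends outside the hunks shown.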