Let's suppose I want to hook strace to a program to capture which files it writes to. I need an existing PID for that. If I hook up strace, by that point the script might already have written files, which I'll miss. Classic race condition. What I do now is trying to make another program that runs the original script which does nothing but sleep 1 before the command is ran, so that I get the full strace. This feels like a bad thing to do. And performance issues come to play if running a lot of scripts. But I can't hook up strace without an existing PID. Or?
Add a comment |
1 Answer
Replace the script with a wrapper that runs strace that in turn launches the original script. This might involve
mv yourscript /somewhere/else/yourscript and then yourscript becomes
#!/bin/sh OUTPUT_TO=`mktemp /tmp/yourscript.$$.XXXXXXXXXX` || exit 1 exec strace -o $OUTPUT_TO ... /somewhere/else/yourscript "$@" where ... is whatever other strace arguments you need.
As an alternative, consider sysdig, as it can trace by filename or username without the need for a process ID or wrapper script:
sysdig -p '%fd.name' proc.name contains yourscript 