0

Let's suppose I want to hook strace to a program to capture which files it writes to. I need an existing PID for that. If I hook up strace, by that point the script might already have written files, which I'll miss. Classic race condition. What I do now is try to make another program that runs the original script, which does nothing but sleep 1 before the command is run, so that I get the full strace. This feels like a bad thing to do. And performance issues come into play if running a lot of scripts. But I can't hook up strace without an existing PID. Or?

1 Answer

2

Replace the script with a wrapper that runs strace that in turn launches the original script. This might involve

mv yourscript /somewhere/else/yourscript 

and then yourscript becomes

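    #!/bin/sh
    # Per-run trace file; mktemp creates it with an unpredictable name
    OUTPUT_TO=`mktemp /tmp/yourscript.$$.XXXXXXXXXX` || exit 1
    # exec replaces the wrapper, so strace sees the real script from its first syscall
    exec strace -o "$OUTPUT_TO" ... /somewhere/else/yourscript "$@"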

where ... is whatever other strace arguments you need.

As an alternative, consider sysdig, as it can trace by filename or username without the need for a process ID or wrapper script:

sysdig -p '%fd.name' proc.name contains yourscript 
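To turn the trace file the wrapper produces into the list of files the script wrote, the following added example (not part of the answer above) parses strace output and keeps only successful opens for writing. It assumes the trace was taken with `strace -f -o`, covers only `open`, `openat` and `creat`, and the names `written_files`, `stitch` and the sample lines are constructed for illustration.

```python
import re

# open/openat/creat as strace prints them; a leading PID appears with -f.
OPEN_RE = re.compile(
    r'^(?:\d+\s+)?(?P<call>open|openat|creat)\('
    r'(?:(?:AT_FDCWD|\d+(?:<[^>]*>)?),\s*)?'      # dirfd argument of openat
    r'"(?P<path>(?:[^"\\]|\\.)*)"'                # quoted path, escapes kept
    r'(?:,\s*(?P<flags>[A-Z_|]+))?'               # O_* flags (absent for creat)
    r'.*\)\s+=\s+(?P<ret>-?\d+)'                  # return value
)
RESUMED_RE = re.compile(r'^(\d+)\s+<\.\.\. \w+ resumed>\s?(.*)$')
UNFINISHED = " <unfinished ...>"
WRITE_FLAGS = {"O_WRONLY", "O_RDWR"}

def stitch(lines):
    """Rejoin calls that strace -f split into unfinished/resumed halves."""
    pending = {}                                   # pid -> first half
    for line in map(str.rstrip, lines):
        resumed = RESUMED_RE.match(line)
        if line.endswith(UNFINISHED):
            pending[line.split(None, 1)[0]] = line[:-len(UNFINISHED)]
        elif resumed and resumed.group(1) in pending:
            yield pending.pop(resumed.group(1)) + resumed.group(2)
        else:
            yield line

def written_files(lines):
    """Sorted paths that open/openat/creat successfully opened for writing."""
    paths = set()
    for line in stitch(lines):
        m = OPEN_RE.match(line)
        if not m or int(m.group("ret")) < 0:       # failed opens wrote nothing
            continue
        flags = set((m.group("flags") or "").split("|"))
        if m.group("call") == "creat" or flags & WRITE_FLAGS:
            paths.add(m.group("path"))
    return sorted(paths)

# Constructed sample in the format of `strace -f -o FILE` (not real output).
SAMPLE = """\
4100 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4100 openat(AT_FDCWD, "/tmp/early.lock", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3
4101 openat(AT_FDCWD, "/var/log/app.log", O_WRONLY|O_CREAT|O_APPEND, 0644 <unfinished ...>
4100 openat(AT_FDCWD, "/root/state", O_RDWR|O_CREAT, 0600) = -1 EACCES (Permission denied)
4101 <... openat resumed>) = 4
4101 creat("/tmp/report.txt", 0644) = 5
""".splitlines()

print(written_files(SAMPLE))
```

Paths are returned exactly as strace printed them, so relative paths and escaped characters are not resolved or decoded.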
