Is there a way to put a process on some sort of "black list" in Linux?
4
- 3Why don't you want to stop the monitor? Presumably, the monitor's entire job is to check whether that process is running, log the status, and possibly restart the program.jpmc26– jpmc262018-02-25 08:45:02 +00:00Commented Feb 25, 2018 at 8:45
- 7This sounds like an X-Y Problem. What are you actually trying to achieve?David Foerster– David Foerster2018-02-25 09:26:26 +00:00Commented Feb 25, 2018 at 9:26
- Is it the process re-spawning itself or is the monitor process re-spawning it? Potentially of interest: stackoverflow.com/questions/30980234/…Dan Cornilescu– Dan Cornilescu2018-02-25 09:56:36 +00:00Commented Feb 25, 2018 at 9:56
- What actually is the monitor process?JdeBP– JdeBP2018-02-25 13:08:40 +00:00Commented Feb 25, 2018 at 13:08
Add a comment |
4 Answers
The normal way would be to change the configuration of the monitor program so that it doesn't keep doing that thing you don't want it to do. I'm going to assume you can't do that for some reason, but anything else is a workaround that won't work in all circumstances.
You can't blacklist a process: a process is a runtime entity. The process doesn't exist until it's started. Once it's started, it's too late to prevent it from starting. And how would you identify the process that shouldn't have started, anyway?
You can blacklist a program, or more precisely, a particular installation of a program. All programs are started from an executable file. So if you arrange for the executable file not to exist, it won't start. You could remove it, rename it, or even just make it not executable:
chmod a-x /path/to/program If you don't want or can't modify the filesystem for some reason, but have root access, you could even use a security framework such as SELinux or AppArmor to forbid the monitor from executing this particular program. But that's more complicated.
However, if a monitor keeps trying to respawn that program, it may or may not cope sensibly if the executable disappears. It may spam you (or some log files with error messages).
Assuming that the monitor only keeps the program alive (as opposed to checking the program functionality, e.g. a monitor for a web server process might periodically try to access a web page and restart the server if it isn't responding), you could replace the program by a program that does nothing but block forever. There's no program that does this in the basic utility collection, but you can write one easily:
#!/bin/sh while sleep 999999999; do :; done Depending on why you want to block that program, you may or may not be able to achieve a similar result by suspending the process of the original program, with pkill -STOP programname or kill -STOP 1234 where 1234 is the process ID. This keeps the process around, but doing nothing until explicitly resumed (with kill -CONT). The process won't consume any CPU time, and its memory will get swapped out when the system requires RAM for other things, but it does keep consuming resources such as open files.
answered Feb 24, 2018 at 23:35
Gilles 'SO- stop being evil'
866k205 gold badges1.8k silver badges2.3k bronze badges
- That program will only work run for 32 years ;)jkd– jkd2018-02-25 04:30:09 +00:00Commented Feb 25, 2018 at 4:30
- 1@jakekimdsΨ, that's why they put the loop around
sleep. :) Sadly, that's the most nines nines that can fit in a 32-bit value...ilkkachu– ilkkachu2018-02-25 06:59:06 +00:00Commented Feb 25, 2018 at 6:59 - Thanks for the answer! I just changed the rights of the file and it worked just fine. But what if I want to try the first method, and reconfigure the monitor process. In my case that would be the init process. How can I set which programs get started by init?fûX– fûX2018-02-25 16:24:46 +00:00Commented Feb 25, 2018 at 16:24
- @ilkkachu oops. Didn't see that. Thanks.jkd– jkd2018-02-25 19:47:02 +00:00Commented Feb 25, 2018 at 19:47
- 1@fuggs Depends on your init system. Modern Linux server/desktop systems use systemd, so it would be something like
systemctl stop nameoftheserviceorsystemctl --now disable nameoftheservicedepending on whether you want it to restart after a reboot or not. On embedded systems, it depends.Gilles 'SO- stop being evil'– Gilles 'SO- stop being evil'2018-02-25 22:29:38 +00:00Commented Feb 25, 2018 at 22:29
I would suggest to try freezing it instead of killing it. Depending on how its monitoring process is handling it, that might be enough.
kill -STOP <pid> 
A sure way is to rename that program, and then kill it one more time. When it can run again, give it back its original name.
sudo vi /etc/passwd Delete the user which the program respawns as. This will stop the process and its respawning.
- This solution would spawn another problem.asrulsibaoel– asrulsibaoel2024-08-29 02:40:59 +00:00Commented Aug 29, 2024 at 2:40