What happened to my /proc/curproc/file?
Sam Varshavchik
mrsam at courier-mta.com
Tue Sep 4 23:46:25 UTC 2012
John Baldwin writes:
> On Tuesday, September 04, 2012 7:10:42 am Sam Varshavchik wrote:
> > Konstantin Belousov writes:
> >
> > > The procfs links, as well as any other user of vn_fullpath(9) function,
> > > can only translate a vnode to path if namecache contains useful data.
> > > As such, the facilities are not guaranteed to success all the time.
> > >
> > > In case of rmdir(2), UFS explicitely purges the cache for directory which
> > > contained direntry of the removed directory. I suspect that you have
> > > your test program binary located in the same directory which was the
> parent
> > > of the removed one.
> >
> > Correct. Looks like the same thing applies if I try to use sysctl to get
> > KERN_PROC_PATHNAME.
> >
> > I need some reliable way to get a process's executable file's name, as long
> > as it's meaningful (the executable file hasn't been removed).
>
> There isn't one. What if the file is renamed, or what if it was executed via
> a symlink that has been removed?
If the file is renamed, shouldn't its new name be known? If I give the
file's supposed new name to realpath(3), its man page says I'll get back
the equivalent absolute pathname. Works for me.
And, I thought that the resolved pathname, in any case, would be the one
after all the symlink resolution takes place, like /proc shows on Linux: if,
say, I have /usr/local symlinked to /mnt/local-mnt,
exec("/usr/local/bin/furgle") gives me a process that, according to /proc,
is /mnt/local-mnt/bin/furgle.
> What if there are multiple hard links,
> which
> one is the "correct" path to return?
I would say whichever one of them was used to exec() the process. But either
one would be ok, I suppose.
> The namecache bits are a best effort,
> but
> if those are purged, the only approach are left with is a brute-force crawl
> of
> the filesystem looking for a file whose stat() results match your executable.
Well, for logging purposes, after I get a client process's credentials
passed through a domain socket, I was hoping to use the credentials' pid to
log the process's executable name. At least that's the code that I'm porting
is doing; but this is going to throw a big monkey wrench into the whole
thing.
Is the dev+ino of what was exec()ed known, for another process? I might be
able to get the client voluntarily submit its argv[0], then independently
have the server validate it by stat()ing that, and comparing the result
against what the kernel says the process's inode is.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20120904/78879f55/attachment.pgp
More information about the freebsd-hackers
mailing list