Open
Description
This is the updated version 2 introduced in up to this commit 964f37f
{
"pid": "61754",
"proc": "Code Helper (Plugin",
"exec_path": "",
"events": [
{
"fname": "[[UNKNOWN]]",
"open": "",
"close": "23:18:42.569602",
"mode": 3
},
{
"fname": "[[UNKNOWN]]",
"open": "",
"close": "23:18:42.569618",
"mode": 0
},
{
"fname": "[[UNKNOWN]]",
"open": "",
"close": "23:18:42.569622",
"mode": 0
},
{
"fname": "[[UNKNOWN]]",
"open": "",
"close": "",
"mode": 3
}
]
}The issue here is locating the exec_path of the running process with a specific pid.
To find the execution path for a specific command, I used ps -A -o pid,command. This only shows the pid and the command part of all running processes. If we have a specific process id, we're interested in its command part for our data. However, I couldn't retrieve the full command using this method. The problems were:
- For most processes, the command part was empty. Only a few processes occasionally showed the command part. So, I left the field empty in the compressed data. I couldn't pinpoint the exact issue as I didn't have much time to investigate further. My guess is there might be a flag in
psthat allows us to see all processes, even those from other users. I tried running the command with sudo, but it didn't help. It's possible that the process finished running just before I could capture it. - Even for the few processes where I could get the command part, there were discrepancies between what I saw in my compressed data and what
sudoandpsshowed. I'm not sure why this happened since I only usedfs_usagefor file system calls.