3

I have a monitoring program that I'd like to check on various processes in the system, and know when they terminate. I'd also like to know their exit code, in case they crash. However, my program is not a parent of the processes to be monitored.

In Windows, this is easy: OpenProcess for SYNCHRONIZE rights, WaitForMultipleObjectsEx to wait for any of them to terminate, then GetExitCodeProcess to find out why it terminated (with NTSTATUS error codes if the reason was an exception).

But in Linux, the equivalent of these, waitpid, only works on your own child processes, not unrelated processes. We tried ptrace, but this caused its own issues, such as greatly slowing down signal processing.

This program is intended to run as root.

Is there a way to implement this, other than just polling /proc/12345 until it disappears?

Myria
  • Can you post a minimal example using ptrace? That looks like the right way to do it in Linux, but perhaps it can be improved. – dave Oct 08 '15 at 00:34

1 Answer

0

Can't think of an easy way to collect the termination statuses, but as for simple death events, you can, as root, inject an open call to a file you'll have the other end of and then you can do select on your end of the file descriptor. When the other end dies, it'll generate a close event on the file descriptor you have the other end of.

A (very ugly) example:

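mkfifo /tmp/fifo   # A channel to communicate death events
sleep 1000 &       # Simulate your victim process
echo $!            # Make note of the pid you want

# In another terminal, with thePid set to the pid noted above
# 2048 = O_RDONLY|O_NONBLOCK (Linux x86/ARM value), so the injected open
# returns at once instead of blocking until a writer opens the FIFO.
# The (int) cast is needed by newer gdb when libc has no debug info.
sudo gdb -ex "attach $thePid" -ex 'call (int)open("/tmp/fifo",2048,0)' -ex 'quit'
exec 3>/tmp/fifo   # Our (write) end of the FIFO
ruby -e 'IO.select([IO.for_fd(3)]); puts "died"'

# In yet another terminal, again with thePid set
kill "$thePid"     # The previous terminal will print `died` immediately,
                   # even though it's not the parent of $thePid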
Petr Skocik
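The monitor side of the answer above, as an added C example that is not part of the original answer: it holds the write end of a FIFO and uses poll() to see POLLERR when the last reader goes away. A double-forked helper (constructed here, so it is not the monitor's child) stands in for a target that has already been made to open the FIFO; all function names are hypothetical, and as the answer says this reports death only, not the exit status.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the monitored process: a grandchild that is not
 * our child, holds the FIFO's read end for lifetime_ms, then exits. */
static int spawn_unrelated_holder(const char *fifo, int lifetime_ms) {
    pid_t mid = fork();
    if (mid < 0) return -1;
    if (mid == 0) {
        if (fork() == 0) {                  /* grandchild, reparented away from us */
            int fd = open(fifo, O_RDONLY);  /* blocks until the monitor opens to write */
            if (fd >= 0) poll(NULL, 0, lifetime_ms);
            _exit(0);                       /* the kernel closes fd on exit */
        }
        _exit(0);
    }
    return waitpid(mid, NULL, 0) == mid ? 0 : -1;  /* reaps the middle child only */
}

/* Returns 1 when the last reader is gone (POLLERR on the write end),
 * 0 on timeout, -1 on error. events = 0: only error conditions wake us. */
int wait_for_peer_death(const char *fifo, int timeout_ms) {
    int wfd = open(fifo, O_WRONLY);         /* blocks until the holder has the read end */
    if (wfd < 0) return -1;
    struct pollfd p = { .fd = wfd, .events = 0 };
    int n = poll(&p, 1, timeout_ms);
    close(wfd);
    if (n == 0) return 0;
    return (n > 0 && (p.revents & POLLERR)) ? 1 : -1;
}

/* Private 0600 FIFO in a mkdtemp() directory, one holder, one wait. */
int demo(int lifetime_ms, int timeout_ms) {
    char dir[] = "/tmp/deathwatch.XXXXXX", fifo[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(fifo, sizeof fifo, "%s/fifo", dir);
    if (mkfifo(fifo, 0600) != 0) { rmdir(dir); return -1; }
    int r = spawn_unrelated_holder(fifo, lifetime_ms);
    if (r == 0) r = wait_for_peer_death(fifo, timeout_ms);
    unlink(fifo); rmdir(dir);
    return r;
}

int main(void) { printf("%d\n", demo(300, 5000)); return 0; }
```

If the holder exits before poll() is entered, the event is not lost: the FIFO already has no readers, so poll() returns POLLERR immediately.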