From 059ff55dfe3d3d2b0f15881e6b84be7397b3bded Mon Sep 17 00:00:00 2001
From: Bastian Reitemeier
Date: Sun, 8 Apr 2018 22:26:46 +0200
Subject: [PATCH] Added -q option to the USAGE string in execsnoop. Added -q option to the manpage for execsnoop
---
 man/man8/execsnoop.8 | 8 ++++++++
 tools/execsnoop.py | 1 +
 2 files changed, 9 insertions(+)
diff --git a/man/man8/execsnoop.8 b/man/man8/execsnoop.8
index a694cede36d1..0efd89f45007 100644
--- a/man/man8/execsnoop.8
+++ b/man/man8/execsnoop.8
@@ -30,6 +30,10 @@ Include a timestamp column.
 \-x
 Include failed exec()s
 .TP
+\-q
+Add "quotemarks" around arguments. Escape quotemarks in arguments with a
+backslash. For tracing empty arguments or arguments that contain whitespace.
+.TP
 \-n NAME
 Only print command lines matching this name (regex)
 .TP
@@ -52,6 +56,10 @@ Include failed exec()s:
 #
 .B execsnoop \-x
 .TP
+Put quotemarks around arguments.
+#
+.B execsnoop \-q
+.TP
 Only trace exec()s where the filename contains "mount":
 #
 .B execsnoop \-n mount
diff --git a/tools/execsnoop.py b/tools/execsnoop.py
index 924f1736111d..5f245a5ae182 100755
--- a/tools/execsnoop.py
+++ b/tools/execsnoop.py
@@ -31,6 +31,7 @@
 ./execsnoop # trace all exec() syscalls
 ./execsnoop -x # include failed exec()s
 ./execsnoop -t # include timestamps
+ ./execsnoop -q # add "quotemarks" around arguments
 ./execsnoop -n main # only print command lines containing "main"
 ./execsnoop -l tpkg # only print command where arguments contains "tpkg"
 """
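Review bot: The new usage line in tools/execsnoop.py says only that -q adds quotemarks, but the man page hunk in this same patch also says quotemarks inside arguments are backslash-escaped. Anyone who feeds execsnoop output into log parsing or detection rules needs that detail to split a command line back into its arguments, so I would word the example as `./execsnoop -q # quote arguments; embedded quotemarks are backslash-escaped`. Neither text says whether a backslash in an argument is itself escaped; if it is not, an argument ending in a backslash would presumably be ambiguous in quoted output, which is worth confirming and stating in the man page. The usage string starts above this hunk, so its overall layout is not visible here.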