Skip to content

Commit

Permalink
execsnoop: Fix -x handling
Browse files Browse the repository at this point in the history 
Execsnoop's documentation says -x/--fails means "also include failed
exec()s". However it was programmed to instead skip successful execs on
-x and without -x show all - successful and unsuccessful ones.

The logic was broken in 5b47e0f ("execsnoop: use BPF_PERF_OUTPUT
instead of trace pipe").

Fix it.

P.S. current test_tools_smoke.py only provides basic infrastructure for
testing whether tool's BPF program won't break, without anything related
to options handling, so unfortunately the patch comes without
corresponding test.
  • Loading branch information
@navytux
navytux committed Sep 24, 2017
1 parent ac5c03c commit ce36bb6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion tools/execsnoop.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ def print_event(cpu, data, size):
if event.type == EventType.EVENT_ARG:
argv[event.pid].append(event.argv)
elif event.type == EventType.EVENT_RET:
if args.fails and event.retval == 0:
if event.retval != 0 and not args.fails:
skip = True
if args.name and not re.search(args.name, event.comm):
skip = True
Expand Down

0 comments on commit ce36bb6

Please sign in to comment.