On Tue, 15 Nov 2022 at 00:36, Christoph Anton Mitterer <
[email protected]> wrote:
> $ hd /proc/19557/cmdline
> 00000000 73 73 68 3a 20 2f 68 6f 6d 65 2f 63 61 6c 65 73 |ssh:
> /home/cales|
> 00000010 74 79 6f 2f 2e 73 73 68 2f 6d 75 78 2f 72 6f 6f
> |tyo/.ssh/mux/roo|
> 00000020 74 40 6c 63 67 2d 6c 72 7a 2d 61 64 6d 69 6e 2e
> |t@lcg-lrz-admin.|
> 00000030 67 72 69 64 2e 6c 72 7a 2e 64 65 3a 32 32 20 5b |
> grid.lrz.de:22 [|
> 00000040 6d 75 78 5d 00 |mux].|
> 00000045
>
> That there's only exactly one trailing 0x0.
>
Ah, that might be the hint I needed.
> > That's how the argument list is stored. libproc parses it out into a
> > set of strings or one long string.
>
> Okay... but shouldn't it still be able to match?
>
It can, but what we think the string is is not what the string actually is,
I suspect.
Each one of those 0x0 are delimiters, so if there was two of them at the
end we would have:
argv[0] DELIM argv[1] DELIM argv[2]
Where DELIM is the " " delimiter ps uses and argv[2]=""
So when the cmdline is:
$ cat /proc/34724/cmdline | hd
00000000 73 73 68 3a 20 2f 68 6f 6d 65 2f 63 61 6c 65 73 |ssh:
/home/cales|
00000010 74 79 6f 2f 2e 73 73 68 2f 6d 75 78 2f 72 6f 6f
|tyo/.ssh/mux/roo|
00000020 74 40 6c 63 67 2d 6c 72 7a 2d 61 64 6d 69 6e 2e
|t@lcg-lrz-admin.|
00000030 67 72 69 64 2e 6c 72 7a 2e 64 65 3a 32 32 20 5b |grid.lrz.de:22
[|
00000040 6d 75 78 5d 00 00 00 00 00 00 |mux]......|
0000004a
The arglist is doesn't end with "[mux]" but "[mux] ". While looking
odd, this is what the argument list actually is.
There is a difference between
If it does that strange not-matching again, try ending with " *" or
[[:space:]]*"
I found postgres does this too.
$ hd /proc/1291/cmdline
00000000 70 6f 73 74 67 72 65 73 3a 20 31 33 2f 6d 61 69 |postgres:
13/mai|
00000010 6e 3a 20 44 65 62 69 61 6e 2d 6d 69 6e 65 74 65 |n:
Debian-minete|
00000020 73 74 20 6d 69 6e 65 74 65 73 74 5f 77 6f 72 6c |st
minetest_worl|
00000030 64 31 20 5b 6c 6f 63 61 6c 5d 20 69 64 6c 65 00 |d1 [local]
idle.|
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|................|
*
00000070 00 00 00 00 00 00 00 00 00 00 |..........|
0000007a
$ pgrep --full 'idle$'
$ pgrep --full 'idle[[:space:]]+$'
1075
1088
1089
1291
1293
1298
1300
1715
1720
2349
Another strange thing, the proc(5) manpage says:
/proc/[pid]/cmdline
This read-only file holds the complete command line for the
process, unless the process is a zombie. In the latter case, there is
nothing in this file: that is, a read on this file will return 0
characters. The command-line arguments appear in this file as a
set of strings separated by null bytes ('\0'), with a further
null byte after the last string.
But neither your or my example has that, its a space. That's the kernel
doing something odd.
- Craig
- Craig
