On Mon, Sep 15, 2008 at 03:35:16PM +0200, Bernd Finger wrote:
> I'd like to know if it's possible to stop a process (using the stop()
> destructive action, for example) shortly before it exits? If I do
> something like:
>
> proc:::exit
> /uid == 4/
> {
> stop();
> }
>
> it's apparently already too late. The Dynamic Tracing guide mentions
> that stop() will force the process to stop when it next leaves the
> kernel, so maybe it's not possible to stop the process at this point in
> time (e.g. because it will no longer be running after it next leaves the
> kernel). Is there any other probe that will fire in time so that the
> process can be stopped before it exits?
The proc:::exit probe is, indeed, too late, but you can catch it in the
probe for the exit(2) system call (syscall::rexit:entry).
Adam
--
Adam Leventhal, Fishworks http://blogs.sun.com/ahl
_______________________________________________
dtrace-discuss mailing list
[email protected]
