mirrors/opensnitch
1
0
Fork 0
mirror of https://github.com/evilsocket/opensnitch.git synced 2025-03-04 16:44:46 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
opensnitch/daemon/procmon/details.go

290 lines
7.6 KiB
Go
Raw Normal View History

added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
package procmon
import (
"bufio"
"fmt"
"io/ioutil"
"os"
netlink: de/serialize ipv6, dump socket list - De/Serialize IPv6 connections. - Added SocketsDump() to list all sockets currently in the kernel. - [proc details] Resolve all the sockets an application has opened and translate them to network data, e.g: ``` ls -l /proc/1234/fd/ 0 ... 25 -> socket[12345678] ``` to ``` 0 .... 25 -> socket[12345678] - 54321:10.0.2.2 -> github.com:443, state: established ```
2020-11-20 00:53:29 +01:00
"regexp"
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
"strconv"
"strings"
updated import paths
2020-12-09 18:18:42 +01:00
"github.com/evilsocket/opensnitch/daemon/core"
"github.com/evilsocket/opensnitch/daemon/dns"
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
"github.com/evilsocket/opensnitch/daemon/log"
updated import paths
2020-12-09 18:18:42 +01:00
"github.com/evilsocket/opensnitch/daemon/netlink"
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
)
netlink: de/serialize ipv6, dump socket list - De/Serialize IPv6 connections. - Added SocketsDump() to list all sockets currently in the kernel. - [proc details] Resolve all the sockets an application has opened and translate them to network data, e.g: ``` ls -l /proc/1234/fd/ 0 ... 25 -> socket[12345678] ``` to ``` 0 .... 25 -> socket[12345678] - 54321:10.0.2.2 -> github.com:443, state: established ```
2020-11-20 00:53:29 +01:00
var socketsRegex, _ = regexp.Compile(`socket:\[([0-9]+)\]`)
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
// GetInfo collects information of a process.
func (p *Process) GetInfo() error {
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
if os.Getpid() == p.ID {
return nil
}
// if the PID dir doesn't exist, the process may have exited or be a kernel connection
// XXX: can a kernel connection exist without an entry in ProcFS?
if p.Path == "" && core.Exists(fmt.Sprint("/proc/", p.ID)) == false {
log.Debug("PID can't be read /proc/ %d %s", p.ID, p.Comm)
// The Comm field shouldn't be empty if the proc monitor method is ebpf or audit.
// If it's proc and the corresponding entry doesn't exist, there's nothing we can
// do to inform the user about this process.
if p.Comm == "" {
return fmt.Errorf("Unable to get process information")
}
}
p.ReadCmdline()
p.ReadComm()
p.ReadCwd()
if err := p.ReadPath(); err != nil {
log.Error("GetInfo() path can't be read")
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
return err
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
p.ReadEnv()
return nil
}
// GetExtraInfo collects information of a process.
func (p *Process) GetExtraInfo() error {
p.ReadEnv()
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
p.readDescriptors()
p.readIOStats()
p.readStatus()
return nil
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
// ReadComm reads the comm name from ProcFS /proc/<pid>/comm
func (p *Process) ReadComm() error {
if p.Comm != "" {
return nil
}
Allow to intercept more kernel connections (#513) * Allow to intercept some kernel connections Some connections are initiated from kernel space, like WireGuard VPNs (#454), NFS or SMB connections (#502) and ip tunnels (#500). Note: This feature is complete for x86_64, WIP for aarch64, and not supported for armhf and i386 https://github.com/evilsocket/opensnitch/pull/513#issuecomment-924400824 More information regarding this change: #493
2021-09-23 01:44:12 +02:00
data, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/comm", p.ID))
if err != nil {
return err
}
p.Comm = core.Trim(string(data))
return nil
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
// ReadCwd reads the current working directory name from ProcFS /proc/<pid>/cwd
func (p *Process) ReadCwd() error {
if p.CWD != "" {
return nil
}
added unit tests for process parsing and rules
2020-12-19 19:31:09 +01:00
link, err := os.Readlink(fmt.Sprintf("/proc/%d/cwd", p.ID))
if err != nil {
return err
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
}
added unit tests for process parsing and rules
2020-12-19 19:31:09 +01:00
p.CWD = link
return nil
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
// ReadEnv reads and parses the environment variables of a process.
func (p *Process) ReadEnv() {
data, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/environ", p.ID))
if err != nil {
return
}
for _, s := range strings.Split(string(data), "\x00") {
parts := strings.SplitN(core.Trim(s), "=", 2)
if parts != nil && len(parts) == 2 {
key := core.Trim(parts[0])
val := core.Trim(parts[1])
p.Env[key] = val
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
}
}
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
// ReadPath reads the symbolic link that /proc/<pid>/exe points to.
// Note 1: this link might not exist on the root filesystem, it might
// have been executed from a container, so the real path would be:
// /proc/<pid>/root/<path that 'exe' points to>
//
// Note 2:
// There're at least 3 things that a (regular) kernel connection meets
// from userspace POV:
// - /proc/<pid>/cmdline and /proc/<pid>/maps empty
// - /proc/<pid>/exe can't be read
func (p *Process) ReadPath() error {
// avoid rereading the path
if p.Path != "" {
return nil
}
defer func() {
if p.Path == "" {
// determine if this process might be of a kernel task.
if data, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/maps", p.ID)); err == nil && len(data) == 0 {
p.Path = "Kernel connection"
improved process detection latest changes to detect short-lived processes caused undesired behaviour (#694) Closes #685
2022-07-08 17:15:57 +02:00
p.Args = append(p.Args, p.Comm)
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
return
}
p.Path = p.Comm
}
}()
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
linkName := fmt.Sprint("/proc/", p.ID, "/exe")
if _, err := os.Lstat(linkName); err != nil {
return err
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
// FIXME: this reading can give error: file name too long
link, err := os.Readlink(linkName)
if err != nil {
return err
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
}
clean path of a process if it's needed Sometimes the path of a path has " (deleted)" added or the path is reported as "/proc/self/exe" which is a link and needs to be resolved. -> #694
2022-07-08 21:59:11 +02:00
p.SetPath(link)
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
return nil
}
clean path of a process if it's needed Sometimes the path of a path has " (deleted)" added or the path is reported as "/proc/self/exe" which is a link and needs to be resolved. -> #694
2022-07-08 21:59:11 +02:00
// SetPath sets the path of the process, and fixes it if it's needed.
func (p *Process) SetPath(path string) {
p.Path = path
p.CleanPath()
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
// ReadCmdline reads the cmdline of the process from ProcFS /proc/<pid>/cmdline
// This file may be empty if the process is of a kernel task.
// It can also be empty for short-lived processes.
func (p *Process) ReadCmdline() {
if len(p.Args) > 0 {
return
}
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
if data, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/cmdline", p.ID)); err == nil {
Allow to intercept more kernel connections (#513) * Allow to intercept some kernel connections Some connections are initiated from kernel space, like WireGuard VPNs (#454), NFS or SMB connections (#502) and ip tunnels (#500). Note: This feature is complete for x86_64, WIP for aarch64, and not supported for armhf and i386 https://github.com/evilsocket/opensnitch/pull/513#issuecomment-924400824 More information regarding this change: #493
2021-09-23 01:44:12 +02:00
if len(data) == 0 {
improved process detection latest changes to detect short-lived processes caused undesired behaviour (#694) Closes #685
2022-07-08 17:15:57 +02:00
return
Allow to intercept more kernel connections (#513) * Allow to intercept some kernel connections Some connections are initiated from kernel space, like WireGuard VPNs (#454), NFS or SMB connections (#502) and ip tunnels (#500). Note: This feature is complete for x86_64, WIP for aarch64, and not supported for armhf and i386 https://github.com/evilsocket/opensnitch/pull/513#issuecomment-924400824 More information regarding this change: #493
2021-09-23 01:44:12 +02:00
}
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
for i, b := range data {
if b == 0x00 {
data[i] = byte(' ')
}
}
args := strings.Split(string(data), " ")
for _, arg := range args {
arg = core.Trim(arg)
if arg != "" {
p.Args = append(p.Args, arg)
}
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
}
}
func (p *Process) readDescriptors() {
f, err := os.Open(fmt.Sprint("/proc/", p.ID, "/fd/"))
if err != nil {
return
}
fDesc, err := f.Readdir(-1)
f.Close()
p.Descriptors = nil
for _, fd := range fDesc {
tempFd := &procDescriptors{
Name: fd.Name(),
}
if link, err := os.Readlink(fmt.Sprint("/proc/", p.ID, "/fd/", fd.Name())); err == nil {
tempFd.SymLink = link
netlink: de/serialize ipv6, dump socket list - De/Serialize IPv6 connections. - Added SocketsDump() to list all sockets currently in the kernel. - [proc details] Resolve all the sockets an application has opened and translate them to network data, e.g: ``` ls -l /proc/1234/fd/ 0 ... 25 -> socket[12345678] ``` to ``` 0 .... 25 -> socket[12345678] - 54321:10.0.2.2 -> github.com:443, state: established ```
2020-11-20 00:53:29 +01:00
socket := socketsRegex.FindStringSubmatch(link)
if len(socket) > 0 {
socketInfo, err := netlink.GetSocketInfoByInode(socket[1])
if err == nil {
tempFd.SymLink = fmt.Sprintf("socket:[%s] - %d:%s -> %s:%d, state: %s", fd.Name(),
socketInfo.ID.SourcePort,
socketInfo.ID.Source.String(),
dns.HostOr(socketInfo.ID.Destination, socketInfo.ID.Destination.String()),
socketInfo.ID.DestinationPort,
netlink.TCPStatesMap[socketInfo.State])
}
}
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
if linkInfo, err := os.Lstat(link); err == nil {
tempFd.Size = linkInfo.Size()
tempFd.ModTime = linkInfo.ModTime()
}
}
p.Descriptors = append(p.Descriptors, tempFd)
}
}
func (p *Process) readIOStats() {
f, err := os.Open(fmt.Sprint("/proc/", p.ID, "/io"))
if err != nil {
return
}
defer f.Close()
p.IOStats = &procIOstats{}
scanner := bufio.NewScanner(f)
for scanner.Scan() {
s := strings.Split(scanner.Text(), " ")
switch s[0] {
case "rchar:":
p.IOStats.RChar, _ = strconv.ParseInt(s[1], 10, 64)
case "wchar:":
p.IOStats.WChar, _ = strconv.ParseInt(s[1], 10, 64)
case "syscr:":
p.IOStats.SyscallRead, _ = strconv.ParseInt(s[1], 10, 64)
case "syscw:":
p.IOStats.SyscallWrite, _ = strconv.ParseInt(s[1], 10, 64)
case "read_bytes:":
p.IOStats.ReadBytes, _ = strconv.ParseInt(s[1], 10, 64)
case "write_bytes:":
p.IOStats.WriteBytes, _ = strconv.ParseInt(s[1], 10, 64)
}
}
}
func (p *Process) readStatus() {
if data, err := ioutil.ReadFile(fmt.Sprint("/proc/", p.ID, "/status")); err == nil {
p.Status = string(data)
}
if data, err := ioutil.ReadFile(fmt.Sprint("/proc/", p.ID, "/stat")); err == nil {
p.Stat = string(data)
}
if data, err := ioutil.ReadFile(fmt.Sprint("/proc/", p.ID, "/stack")); err == nil {
p.Stack = string(data)
}
if data, err := ioutil.ReadFile(fmt.Sprint("/proc/", p.ID, "/maps")); err == nil {
p.Maps = string(data)
}
if data, err := ioutil.ReadFile(fmt.Sprint("/proc/", p.ID, "/statm")); err == nil {
p.Statm = &procStatm{}
fmt.Sscanf(string(data), "%d %d %d %d %d %d %d", &p.Statm.Size, &p.Statm.Resident, &p.Statm.Shared, &p.Statm.Text, &p.Statm.Lib, &p.Statm.Data, &p.Statm.Dt)
}
}
ebpf: improved process detection/new events module Improved process detections by monitoring new processes execution. It allow us to know the path of a process before a socket is opened. Closes #617 Other improvements: - If we fail to retrieve the path of a process, then we'll use the comm name of the connection/process. - Better kernel connections detection. - If debugfs is not loaded, we'll try to mount it, to allow to use eBPF monitor method. Future work (help wanted): - Extract command line arguments from the kernel (sys_execve, or mm struct). - Monitor other functions (execveat, clone*, fork, etc). - Send these events to the server (GUI), and display all the commands an application has executed.
2022-06-24 01:09:45 +02:00
// CleanPath removes extra characters from the link that it points to.
// When a running process is deleted, the symlink has the bytes " (deleted")
// appended to the link.
func (p *Process) CleanPath() {
// Sometimes the path to the binary reported is the symbolic link of the process itself.
// This is not useful to the user, and besides it's a generic path that can represent
// to any process.
// Therefore we cannot use /proc/self/exe directly, because it resolves to our own process.
if p.Path == "/proc/self/exe" {
if link, err := os.Readlink(fmt.Sprint("/proc/", p.ID, "/exe")); err == nil {
p.Path = link
return
}
// link read failed
if p.Args[0] != "" {
p.Path = p.Args[0]
return
}
p.Path = p.Comm
}
added dialog to inspect details of a process in realtime (procfs) New dialog added to display details of a process in realtime, gathered from ProcFS. Process tab -> double click on an app -> click on the button with the search icon. We have also improved the discovery of apps icons and names. It should work better on systems where the DE is not properly configured. Tested, but not bulletproof, still in beta.
2020-11-16 17:09:52 +01:00
pathLen := len(p.Path)
if pathLen >= 10 && p.Path[pathLen-10:] == " (deleted)" {
p.Path = p.Path[:len(p.Path)-10]
}
}
Reference in a new issue Copy permalink