Which processes should I NOT strace?

Question

I've created a little function for strace'ing a set of the current user's processes by name:

function pstrace() {
    local pattern="$1";
    shift;
    prefixDashP $(pgrep -U $(whoami) $pattern) | xargs strace -o /dev/stdout $@;
}

function prefixDashP() {
    local new_args=();
    for arg; do
        new_args+=( '-p' );
        new_args+=( "$arg" );
    done;
    for arg in "${new_args[@]}"; do
        echo "$arg";
    done;
}

# Usage:  pstrace pattern1 pattern2 ...

The trouble is, if I accidentally specify too broad of a pattern, it tries to monitor processes that it shouldn't monitor, and so my system freezes.

Is there a list of processes that I can always exclude?

score 6 · Answer 1 · edited Apr 13 '17 at 12:36

You must not trace any process that's involved in processing the output of strace. This means, at least, the terminal emulator in which you're running strace. I wouldn't expect your whole system to be frozen, only slowed down; uless you're running strace as root and tracing your X server, you should be able to switch to a different terminal and kill the strace process.

It would be less risky and probably more convenient to send the strace output to a file. Start less after starting strace, and kill it if you've accidentally traced the terminal emulator.

If you feel like tracing a lot of processes, you may be using the wrong tool. A system-wide audit system, such as Linux's (see examples and pointers here or here), may be more appropriate.

Well spotted! Looks more like a livelock than a deadlock, so the system will probably be unstable (at least). — Stéphane Gimenez, Jul 31 '11 at 23:20

Which processes should I NOT strace?

1 Answers1