summary refs log tree commit diff
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README69
1 files changed, 69 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..b4406b6
--- /dev/null
+++ b/README
@@ -0,0 +1,69 @@
+EXTRACE(1)                  General Commands Manual                 EXTRACE(1)
+
+NAME
+     extrace – trace exec() calls system-wide
+
+SYNOPSIS
+     extrace [-deflq] [-o file] [-p pid | cmd ...]
+
+DESCRIPTION
+     extrace traces all program executions occurring on a system.
+
+     The options are as follows:
+
+     -d      Print the current working directory of the new process.
+
+     -e      Print environment of process, or ‘-’ if unreadable.
+
+     -f      Generate flat output without indentation.  By default, the line
+             indentation reflects the process hierarchy.
+
+     -l      Resolve full path of the executable.  By default, argv[0] is
+             shown.
+
+     -q      Suppress printing of exec(3) arguments.
+
+     -o file
+             Redirect trace output to file.
+
+     -p pid  Only trace exec(3) calls descendant of pid.
+
+     cmd ...
+             Run cmd ... and only trace descendants of this command.
+
+             By default, all exec(3) calls are traced globally.
+
+EXIT STATUS
+     The extrace utility exits 0 on success, and >0 if an error occurs.
+
+ERRORS
+     Check these prerequisites if you see this error:
+
+           binding sk_nl error: Operation not permitted
+
+     extrace requires special permissions to run, either root or the Linux
+     CAP_NET_ADMIN capability.
+
+     extrace only works on Linux kernels with the kernel options
+
+           CONFIG_CONNECTOR=y
+           CONFIG_PROC_EVENTS=y
+
+SEE ALSO
+     fatrace(1), ps(1), pwait(1)
+
+AUTHORS
+     Christian Neukirchen <chneukirchen@gmail.com>
+
+     May contain traces of code from Guillaume Thouvenin, Matt Helsley, and
+     Sebastian Krahmer.
+
+BUGS
+     While process tracing is exact, looking up all information is inherently
+     sensitive to race conditions.  In doubt, you can only trust the PID was
+     written correctly.
+
+LICENSE
+     extrace is licensed under the terms of the GPLv2.
+
+Linux 4.6.2_1                    June 13, 2016                   Linux 4.6.2_1