Re: [PATCH v6 2/2] tr2: log parent process name


 



On Mon, Aug 02 2021, Randall S. Becker wrote:

> On August 2, 2021 6:22 AM: Ævar Arnfjörð Bjarmason wrote:
>>On Wed, Jul 21 2021, Emily Shaffer wrote:
>>
>>> Git for Windows also gathers information about more than one
>>> generation of parent. In Linux further ancestry info can be gathered
>>> with procfs, but it's unwieldy to do so.
>>
>>Having read the win32 get_processes() implementation and read proc(5) I don't get how it's unwieldy to do so on Linux? Perhaps I'm
>>missing some special-case but this rather simple patch-on-top seems to do the job for me. This includes the unrelated enum/switch/case
>>change I suggested.
>>
>>I can submit it as a patch-on-top with SOB etc, but maybe there's some subtle reason it won't work properly. It works for me, I get e.g.:
>>
>>    {
>>      "event": "cmd_ancestry",
>>      "sid": "20210802T102731.879424Z-Hc2f5b994-P00001acc",
>>      "thread": "main",
>>      "time": "2021-08-02T10:27:31.879618Z",
>>      "file": "compat/linux/procinfo.c",
>>      "line": 66,
>>      "ancestry": [
>>        "bash",
>>        "screen",
>>        "systemd"
>>      ]
>>    }
>
> Should not the subfields of "ancestry" also have field names? I get that they are a list, but it seems a bit restrictive.
>
> My preference here would be:
>
>      "ancestry": [
>        "ancestor": [
>          "program": "bash",
>          "pid": 1234 ],
>        "ancestor": [
>          "program": "screen" ],
>        "ancestor": [
>          "program": "systemd" ],
>      ]
>
> With more richness available in the ancestor.

That sounds sensible, but to be clear that's a relevant comment on
Emily's original patch, my "let's implement the same for Linux" is just
faithfully reproducing what we're already doing in the Windows
implementation.

But yes, I'd think that including the PID would be a sensible thing to
do...
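
The following is an added example, not part of this thread and not git's compat/linux/procinfo.c: a sketch of gathering more than one generation of ancestry from procfs while keeping the PID next to each program name, as suggested above. The struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
struct ancestor { int pid; char program[64]; };

/* Added example (hypothetical names). Parses a /proc/<pid>/stat line of the form
 * "pid (comm) state ppid ..."; comm may hold spaces or ')', so it ends at the LAST ')'. */
int parse_stat(const char *line, struct ancestor *a, int *ppid)
{
	const char *lp = strchr(line, '('), *rp = strrchr(line, ')');
	size_t n;
	if (!lp || !rp || rp < lp)
		return -1;
	n = (size_t)(rp - lp - 1);
	if (n >= sizeof(a->program))
		n = sizeof(a->program) - 1;
	memcpy(a->program, lp + 1, n);
	a->program[n] = '\0';
	a->pid = atoi(line);
	return sscanf(rp + 1, " %*c %d", ppid) == 1 ? 0 : -1;
}

/* Follow parent links from start_pid; stops at pid 0, an unreadable entry, or max. */
int collect_ancestry(int start_pid, struct ancestor *out, int max)
{
	int pid = start_pid, ppid = 0, n = 0, ok;
	char path[64], line[512];
	FILE *fp;
	for (; pid > 0 && n < max; pid = ppid, n++) {
		snprintf(path, sizeof(path), "/proc/%d/stat", pid);
		if (!(fp = fopen(path, "r")))
			break;
		ok = fgets(line, sizeof(line), fp) && !parse_stat(line, &out[n], &ppid);
		fclose(fp);
		if (!ok)
			break;
	}
	return n;
}

int main(void)
{
	struct ancestor a[16];
	int i, n = collect_ancestry(getppid(), a, 16);
	for (i = 0; i < n; i++)
		printf("%d\t%s\n", a[i].pid, a[i].program);
	return 0;
}
```

The comm field is chosen by the process itself (for example via prctl(PR_SET_NAME)), so a consumer of this telemetry should treat it as untrusted text and escape it before writing it into JSON. A parent can also exit between reads, in which case the walk simply ends early.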



