Altering the name of a process on Linux

Processes on Linux are known by two names. Both may be changed.

comm

Derived from the name of the process' executable. Max length 16 bytes.

May be read from /proc/$pid/comm since Linux 2.6.33. Also visible as the second value in /proc/$pid/stat.

Can be changed by calling prctl(PR_SET_NAME, "foo", 0, 0, 0) since Linux 2.6.9. Can also be changed by writing to /proc/$pid/comm.

ps(1) calls this field comm. pkill(1), pgrep(1) and killall(1) all display/use this name by default. pkill(1) and pgrep(1) can be made to use the other name if you use the -f option.

args

The argument list that the program is started with. Can be very long.

May be read from /proc/$pid/cmdline (use tr '\0' '\n' for readability).

A process may change this value by overwriting argv[0]. The size of the argv array does not change, so the new value should be null-terminated (to avoid the old value leaking through if the new value is shorter) and must be no longer than the old one (to avoid overwriting the rest of 'argv' and the environment variables, memory corruption and crashes). This can be worked around by calling fork(2) and then exec(3) with the desired process name as the first arg value.

ps(1) calls this field args. In top(1), pressing the c key will toggle between this name and the comm.

See also


CategoryTechnote

robots.org.uk: AlteringProcessName (last edited 2017-03-15 16:08:03 by sam)

© Sam Morris <sam@robots.org.uk>.
Content may be distributed and modified providing this notice is preserved.