signal¶

Intro¶

Signal - sends a signal specifying its number (signum), plus an optional handler, to the calling process or process group.

Description¶

The signal syscall is used to send a signal to one or more process, specify by its signum and with optional handler (the function being executed when the signal is delivered). It can be used to send signals like SIGTERM and SIGKILL to terminate processes, as well as custom signals to communicate information or initiate actions from other processes.

Signals can be blocked depending on their type, so it is important to take that into account when sending a signal.

Arguments¶

signum: int - the signal number to send. The list of available signals is described in the signal(7) manual page.
handler: sighandler_t[K] - optional pointer to the function to be executed upon arrival of the signal.

Available Tags¶

K - Originated from kernel-space.

Hooks¶

do_signal¶

Type¶

Tracepoint + Kprobe

Purpose¶

Gather data and figure out what function is executed when the signal is received.

Example Use Case¶

One example of use of the signal event is to count how many signals of a particular kind (in this case, SIGTERM) were sent and received during a given period of time.

Issues¶

Due to the asynchronous and unreliable nature of signals, in some cases signals may be lost or delivered late.

kill - similar to signal but with a more precise target.
waitid - used to wait for processes and identify the signal sent.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.