sigsuspend¶

Intro¶

sigsuspend - temporarily replaces the signal mask of the executing thread with the given set of signals.

Description¶

The sigsuspend() system call suspends the caller until a signal is received. It is equivalent to

sigprocmask(SIG_SETMASK, &mask, NULL);
pause();

The mask given as argument is used as the signal mask of the process during the period of suspension; upon return from the call it is restored to the previous value. While sigsuspend() is being executed, any signal may be accepted, except SIGKILL and SIGSTOP.

The sigsuspend() function shall not return if it is interrupted by a signal handler and the signal handler does not return.

Arguments¶

mask:const sigset_t*[K] - pointer to a signal set specifying the new signal mask for the process.

Available Tags¶

K - Originated from kernel-space.

Hooks¶

sigsuspend¶

Type¶

kprobe + kretprobe

Purpose¶

To monitor when the program defines a new signal mask and waits until a signal is received.

Example Use Case¶

When monitoring a program that handles signals and the need to know when a new signal mask is set and in which order the signals are handled.

Issues¶

If a signal is sent with a higher priority than SIGKILL and SIGSTOP, it might be missed by the call to sigsuspend().

sigprocmask()
sigsuspend()
sigpending()

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.

sigsuspend¶

Intro¶

Description¶

Arguments¶

Available Tags¶

Hooks¶

sigsuspend¶

Type¶

Purpose¶

Example Use Case¶

Issues¶

Related Events¶