> psc uses eBPF iterators to read process and file descriptor information directly from kernel data structures. This bypasses the /proc filesystem entirely, providing visibility that cannot be subverted by userland rootkits or LD_PRELOAD tricks.
I found this justification dubious. To me the main reason to use eBPF is that it gives more information and is lower overhead.
mrbluecoat•1h ago
Thanks for including so many examples! Perhaps include one example output. Other than mention of the optional '--tree' parameter, it's unclear if the default result would be a list, table, JSON, etc.
WD-42•39m ago
This is neat but the examples comparing the tool against piping grep seem to counter the argument to me. A couple of pipes to grep seems much easier to remember and type, especially with all the quotes needed for psc. For scripts where you need exact output this looks great.
pstoll•25m ago
I’m the opposite - I much prefer a structured query language (ahem) for this type of thing. If I’m looking at someone’s (ie my own 6 months later) script I much prefer to see the explicit structure being queried vs “why are we feeling for foo or grabbing the 5th field based on squashed spaces as the separater”.
Nice use of CEL too. Neat all around.
mgaunard•24m ago
I'm not convinced with the need to embed CEL. You could just output json and pipe to jq.
apopapo•1h ago
Is there a trade off here?
tempay•45m ago
mgaunard•23m ago
mgaunard•14m ago