Consider the following: su foo su bar su foo When we ask captree to display 'su' (I'm using the contrib/sucap/su example here to enable ambient inheritance through pam_cap.so) it prints: --su(43214) "=p" +-bash(43240) "cap_setfcap=eip" [^cap_setfcap] +-su(43817) "=p" +-bash(43826) "cap_setfcap=eip" [^cap_setfcap] +-su(43864) "=p" +-bash(43867) --su(43817) "=p" +-bash(43826) "cap_setfcap=eip" [^cap_setfcap] +-su(43864) "=p" +-bash(43867) --su(43864) "=p" +-bash(43867) That is, captree is find every instance of 'su' and redundantly displaying the process tree beneath it. Ideally, captree would just display: --su(43214) "=p" +-bash(43240) "cap_setfcap=eip" [^cap_setfcap] +-su(43817) "=p" +-bash(43826) "cap_setfcap=eip" [^cap_setfcap] +-su(43864) "=p" +-bash(43867) There are two problems here: 1. if a PID has been displayed it shouldn't be displayed again 2. if 1 is true, it is vital that we pick the oldest 'su' for the root of the tree. I'm going to fix this in two commits. The first (1) is easier, and will cover all use cases until the PID space wraps around.
Sigh, the example above should have been "consider..." su foo su foo su bar
This fixes (1): https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=142ad758ffaaec1b4c4e5e7c61287a943f21ff7b (2) needs a little more thought.
This fixes (2) https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=2a3984fe0fc12880e15760b35733db6031b0a652