The [nd_]syscall.execve and [nd_]syscall.execveat probes are a bit odd and could use a bit of work: - For some reason, their 'argstr' convenience variables don't have commas between arguments like every other syscall probe. - They don't report the 'envp' argument. - The [nd_]syscall.execve probes have no test case. This new test case can be based on the existing execveat test case.
Fixed in commit bf952a7. - 'argstr' convenience variables have commas between arguments - the environment variables are now reported - a testcase for [nd_]syscall.execve was added - a few problems with nd_syscall.execveat and nd_syscall.compat_execveat were fixed - The [nd_]syscall.execve probes were improved by moving them to arch-specific code for kernels < 3.7. This allows us to catch all execve() calls, even ones that fail.