Log more info

pkg/osquery/runtime/osqueryinstance.go

@@ -725,12 +725,52 @@ func (i *OsqueryInstance) detectStaleDatabaseLock(ctx context.Context, paths *os
 		// No lock file, nothing to do here
 		return false, nil
 	}
+	if err != nil {
+		return false, fmt.Errorf("determining whether lock file exists: %w", err)
+	}
 
-	i.slogger.Log(ctx, slog.LevelInfo,
-		"detected stale osquery db lock file",
+	infoToLog := []any{
 		"lockfile_path", lockFilePath,
 		"lockfile_modtime", lockFileInfo.ModTime().String(),
-	)
+	}
+
+	defer func() {
+		i.slogger.Log(ctx, slog.LevelInfo,
+			"detected stale osquery db lock file",
+			infoToLog...,
+		)
+	}()
+
+	// Check to see whether the process holding the file still exists
+	p, err := getProcessHoldingFile(ctx, lockFilePath)
+	if err != nil {
+		infoToLog = append(infoToLog, "err", err)
+		return false, fmt.Errorf("getting process holding file: %w", err)
+	}
+
+	// Grab more info to log from the process using the lockfile
+	infoToLog = append(infoToLog, "pid", p.Pid)
+	if name, err := p.NameWithContext(ctx); err == nil {
+		infoToLog = append(infoToLog, "process_name", name)
+	}
+	if cmdline, err := p.CmdlineWithContext(ctx); err == nil {
+		infoToLog = append(infoToLog, "process_cmdline", cmdline)
+	}
+	if status, err := p.StatusWithContext(ctx); err == nil {
+		infoToLog = append(infoToLog, "process_status", status)
+	}
+	if isRunning, err := p.IsRunningWithContext(ctx); err == nil {
+		infoToLog = append(infoToLog, "process_is_running", isRunning)
+	}
+	if parent, err := p.ParentWithContext(ctx); err == nil {
+		infoToLog = append(infoToLog, "process_parent_pid", parent.Pid)
+		if parentCmdline, err := parent.CmdlineWithContext(ctx); err == nil {
+			infoToLog = append(infoToLog, "process_parent_cmdline", parentCmdline)
+		}
+		if parentStatus, err := p.StatusWithContext(ctx); err == nil {
+			infoToLog = append(infoToLog, "process_parent_status", parentStatus)
+		}
+	}
 
 	return true, nil
 }

pkg/osquery/runtime/runtime_helpers.go

@@ -4,10 +4,17 @@
 package runtime
 
 import (
+	"context"
+	"errors"
 	"fmt"
 	"os/exec"
 	"path/filepath"
+	"strconv"
+	"strings"
 	"syscall"
+
+	"github.com/kolide/launcher/ee/allowedcmd"
+	"github.com/shirou/gopsutil/v3/process"
 )
 
 func setpgid() *syscall.SysProcAttr {
@@ -33,3 +40,27 @@ func platformArgs() []string {
 func isExitOk(_ error) bool {
 	return false
 }
+
+func getProcessHoldingFile(ctx context.Context, pathToFile string) (*process.Process, error) {
+	cmd, err := allowedcmd.Lsof(ctx, "-t", pathToFile)
+	if err != nil {
+		return nil, fmt.Errorf("creating lsof command: %w", err)
+	}
+
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		return nil, fmt.Errorf("running lsof: %w", err)
+	}
+
+	pidStr := strings.TrimSpace(string(out))
+	if pidStr == "" {
+		return nil, errors.New("no process found using file via lsof")
+	}
+
+	pid, err := strconv.ParseInt(pidStr, 10, 32)
+	if err != nil {
+		return nil, fmt.Errorf("invalid pid %s: %w", pidStr, err)
+	}
+
+	return process.NewProcess(int32(pid))
+}

pkg/osquery/runtime/runtime_helpers_windows.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/kolide/launcher/ee/allowedcmd"
 	"github.com/pkg/errors"
+	"github.com/shirou/gopsutil/v3/process"
 )
 
 func setpgid() *syscall.SysProcAttr {
@@ -80,3 +81,28 @@ func isExitOk(err error) bool {
 	}
 	return false
 }
+
+func getProcessHoldingFile(ctx context.Context, pathToFile string) (*process.Process, error) {
+	allProcesses, err := process.ProcessesWithContext(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("getting process list: %w", err)
+	}
+
+	for _, p := range allProcesses {
+		openFiles, err := p.OpenFilesWithContext(ctx)
+		if err != nil {
+			continue
+		}
+
+		// Check the process's open files to see if this process is the one using the lockfile
+		for _, f := range openFiles {
+			if f.Path != pathToFile {
+				continue
+			}
+
+			return p, nil
+		}
+	}
+
+	return nil, errors.New("no process found using file")
+}