tracexec uses BPF to some extent, but probably not in the way you guessed. it uses ptrace to do most of the work and use seccomp-bpf to speed it up. Using eBPF to do the syscall filtering requires root, so that's a reason for me to choose ptrace. And credits to the strace developers: https://pchaigno.github.io/strace/2019/10/02/introducing-str...

Yes, it's a very high priority todo for me: https://github.com/kxxt/tracexec/issues/3. I already reserved space for it(The empty line under title in the TUI). It requires some work because for now the environment panel is just a paragraph of text wrapped in a scrollview.

Show HN: Tracexec – TUI for tracing execve and pre-exec behavior

tracexec helps you to figure out what and how programs get executed when you execute a command.

It's useful for debugging build systems, catching fd leaks, understanding what shell scripts actually do, figuring out what programs does a proprietary software run, etc.

Show HN: tracexec: A small utility for tracing execve{,at}