lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 3 Jan 2012 17:53:12 -0500
From:	Greg Freemyer <greg.freemyer@...il.com>
To:	Sushil Mantri <sushilmantri@...il.com>
Cc:	linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: A stackable filesystem to trace low level filesystem operations

On Tue, Jan 3, 2012 at 4:50 PM, Sushil Mantri <sushilmantri@...il.com> wrote:
> Please read the following:
>
> On Tue, Jan 3, 2012 at 4:45 PM, Greg Freemyer <greg.freemyer@...il.com> wrote:
>> On Tue, Jan 3, 2012 at 4:20 PM, Sushil Mantri <sushilmantri@...il.com> wrote:
>>> Hi All,
>>>
>>> Sorry but this isn't a ext4 specific question but a general filesystem question.
>>>
>>> I am looking for a way to track filesystem level operation like
>>> operation(read/write), filename, offset, size of read/write, pid of
>>> the requesting process. The goal of my project is to collect such
>>> traces and understand access usage of directories and more. I would
>>> like to filter other operation like open,close, etc and requests to
>>> procfs, etc. There was a stackable file system earlier called Tracefs.
>>> It isn't supported anymore though. The original paper can be found
>>> here: filesystems.org/docs/tracefs-fast04/tracefs.ps
>>>
>>> Can you please suggest me what is the best option i have. I am
>>> currently looking at SystemTap.
>>>
>>> Thanks,
>>> Sushil
>>
>> I think you're looking for either inotify or fanotify.
> This will only notify me when an event occurs,but is doesn't provide
> tracing information. Further i think it will be very slow if i have to
> trace the whol filesystem

inotify  and fanotify can both be set to work one file at a time I'm
pretty sure.

ie. You can register to be notified only for specific files and their actions.

There are kernel space hooks for them both I think that allow your
kernel code to be called upon an event.  So if you want to create a
basic kernel log tracing package it should be easy enough.  (It may be
you need to use the fsnotify API directly for that.)

I don't know if patches for that are floating around.  Again, you
should ask on fs-devel, not here.

Greg
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ