| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Jan 2012 17:53:12 -0500 From: Greg Freemyer <greg.freemyer@...il.com> To: Sushil Mantri <sushilmantri@...il.com> Cc: linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: A stackable filesystem to trace low level filesystem operations On Tue, Jan 3, 2012 at 4:50 PM, Sushil Mantri <sushilmantri@...il.com> wrote: > Please read the following: > > On Tue, Jan 3, 2012 at 4:45 PM, Greg Freemyer <greg.freemyer@...il.com> wrote: >> On Tue, Jan 3, 2012 at 4:20 PM, Sushil Mantri <sushilmantri@...il.com> wrote: >>> Hi All, >>> >>> Sorry but this isn't a ext4 specific question but a general filesystem question. >>> >>> I am looking for a way to track filesystem level operation like >>> operation(read/write), filename, offset, size of read/write, pid of >>> the requesting process. The goal of my project is to collect such >>> traces and understand access usage of directories and more. I would >>> like to filter other operation like open,close, etc and requests to >>> procfs, etc. There was a stackable file system earlier called Tracefs. >>> It isn't supported anymore though. The original paper can be found >>> here: filesystems.org/docs/tracefs-fast04/tracefs.ps >>> >>> Can you please suggest me what is the best option i have. I am >>> currently looking at SystemTap. >>> >>> Thanks, >>> Sushil >> >> I think you're looking for either inotify or fanotify. > This will only notify me when an event occurs,but is doesn't provide > tracing information. Further i think it will be very slow if i have to > trace the whol filesystem inotify and fanotify can both be set to work one file at a time I'm pretty sure. ie. You can register to be notified only for specific files and their actions. There are kernel space hooks for them both I think that allow your kernel code to be called upon an event. So if you want to create a basic kernel log tracing package it should be easy enough. (It may be you need to use the fsnotify API directly for that.) I don't know if patches for that are floating around. Again, you should ask on fs-devel, not here. Greg -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists