System Tap help
V.Ravikumar
ravikumar.vallabhu at gmail.com
Thu Apr 12 01:08:15 EDT 2012
Hi all,
I'm probing sys_write system call using system tap to get modified file
name along with UID.
Here is code snippet.
probe kernel.function ("vfs_write")
{
filename = user_string($file->f_dentry->d_name->name) // for
2.6.18 kernel.
printf ("%d %s\n",uid,filename)
}
I got sample program to get inode number as below
inode_nr = $file->f_path->dentry->d_inode->i_ino . This I changed to get
file name, I'm getting file name as empty.
With above program i'm getting file name as unknown.
My question is does above code snippet is correct to get file name ? If not
could somebody please let me know the correct implementation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20120412/784c4cd4/attachment.html
More information about the Kernelnewbies
mailing list