Re: dtracing unlink

To: Thomas Klausner <wiz%NetBSD.org@localhost>
Subject: Re: dtracing unlink
From: RVP <rvp%SDF.ORG@localhost>
Date: Fri, 20 Oct 2023 21:45:11 +0000 (UTC)

On Fri, 20 Oct 2023, Thomas Klausner wrote:

I'm trying to find out what a program does, and found it does a lot of
unlink syscalls, so I wanted to see what it unlinks.
[...]
What's the proper way to do this?


Here you go (written ages ago for 9.0, should still work on -HEAD):

```
#!/usr/sbin/dtrace -s

#pragma D option destructive
#pragma D option quiet

syscall::unlink:entry
{
	/*
	 * NetBSD doesn't supply the ``cwd'' dtrace variable, so
	 * can't use an external program which does realpath(3)
	 * in order to check for files only in specific directories.
	 * Therefore, we just print everything and use fgrep(1)
	 * to pick filenames (relaive and absolute) we want.
	 */
	printf("%d %d %s %s\n", uid, pid, execname, copyinstr(arg0));
/*
	printf("%d %d %s ", uid, pid, execname);
	system("pr_realpath -p %d %s", pid, copyinstr(arg0));
	printf("\n");
*/
}

syscall::unlinkat:entry
{
	printf("%d %d %s 0x%x %s\n", uid, pid, execname, arg0, copyinstr(arg1));
}
```

-RVP

Follow-Ups:
- Re: dtracing unlink
  - From: RVP

References:
- dtracing unlink
  - From: Thomas Klausner

Prev by Date: Re: dtracing unlink
Next by Date: Re: dtracing unlink
Previous by Thread: Re: dtracing unlink
Next by Thread: Re: dtracing unlink
Indexes:

Home | Main Index | Thread Index | Old Index