svn commit: r253887 - head/sys/dev/filemon

Simon J. Gerraty sjg at juniper.net
Sun Aug 4 15:33:12 UTC 2013


>>  Thank you for your comments.  Can you review the attached patch?  If
>>  there is no problem, I will commit this and MFC to stable branches.

Looks good.
But don't commit it untested ;-)
I can test it for you.

>Perhaps it is best to commit this patch, but also add a warning to
>filemon(4) that it should not be loaded on systems with untrusted users
>or the permissions on /dev/filemon should be restricted (via
>/etc/devfs.rules).

That would largely defeat the purpose.
This driver was written to overcome issues with dtrace:

a/ it needed privs beyond normal user
b/ it could not reliably provide path of binary being exec'd
c/ performance

#b is probably fixable, but the fix could not be relied on to exist 
everywhere.

This driver looks at a very limited set of syscalls, and does not report
anything beyond pathnames read/written/exec'd.
In the NetBSD version I even dropped stat calls as being unnecessary
(for make).

dtrace would meet many of Robert's criteria for a general purpose
functionality but allows far more functionality, and apart from the
issues above, cannot (I'm told) be ported to linux.
A simple driver like this can be.
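For reference, this is what the restriction suggested in the quoted reply (limiting who can open /dev/filemon through /etc/devfs.rules) would look like in practice. It is an added example, not part of the original message, the FreeBSD tree, or the patch under discussion, and the author above argues against deploying it because it blocks unprivileged use of filemon by make. The ruleset name and number (localrules, 10), the mode (0660) and the group (wheel) are assumptions; pick whatever matches the site.

```conf
# /etc/devfs.rules  (added example; ruleset name, number, mode and group are assumptions)
# Rulesets in /etc/defaults/devfs.rules use low numbers, so a local
# ruleset gets a higher one to avoid a clash.
[localrules=10]
# Restrict the filemon(4) control device so only root and members of
# group wheel can open it. devfs path names omit the leading /dev/.
add path 'filemon' mode 0660 group wheel

# /etc/rc.conf  (apply the ruleset to the system devfs at boot)
devfs_system_ruleset="localrules"

# After editing, re-apply the rules:   service devfs restart
# Verify the result with:              ls -l /dev/filemon
```

Note that devfs rules are applied to the device tree as it exists when the ruleset is (re)applied and to nodes created afterwards, so loading the filemon module after `service devfs restart` still gets the restricted mode; loading it earlier and then editing the rules requires the restart.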
