SYNOPSIS
In dev/filemon/filemon.hDESCRIPTION
The device allows a process to collect file operations data of its children. The device /dev/filemon responds to two ioctl(2) calls.System calls are denoted using the following single letters:
- `C'
- chdir(2)
- `D'
- unlink(2)
- `E'
- exec(2)
- `F'
- fork(2), vfork(2)
- `L'
- link(2), linkat(2), symlink(2), symlinkat(2)
- `M'
- rename(2)
- `R'
- open(2) for read
- `S'
- stat(2)
- `W'
- open(2) for write
- `X'
- _exit2
Note that `R' following `W' records can represent a single open(2) for R/W, or two separate open(2) calls, one for `R' and one for `W' Note that only successful system calls are captured.
IOCTLS
User mode programs communicate with the driver through a number of ioctls which are described below. Each takes a single argument.- FILEMON_SET_FD
- Write the internal tracing buffer to the supplied open file descriptor.
- FILEMON_SET_PID
- Child process ID to trace.
RETURN VALUES
The Fn ioctl function returns the value 0 if successful; otherwise the value -1 is returned and the global variable errno is set to indicate the error.FILES
- /dev/filemon
EXAMPLES
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/ioctl.h>
#include <dev/filemon/filemon.h>
#include <fcntl.h>
#include <err.h>
#include <unistd.h>
static void
open_filemon(void)
{
pid_t child;
int fm_fd, fm_log;
if ((fm_fd = open("/dev/filemon", O_RDWR | O_CLOEXEC)) == -1)
err(1, "open(\"/dev/filemon\", O_RDWR)");
if ((fm_log = open("filemon.out",
O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, DEFFILEMODE)) == -1)
err(1, "open(filemon.out)");
if (ioctl(fm_fd, FILEMON_SET_FD, &fm_log) == -1)
err(1, "Cannot set filemon log file descriptor");
if ((child = fork()) == 0) {
child = getpid();
if (ioctl(fm_fd, FILEMON_SET_PID, &child) == -1)
err(1, "Cannot set filemon PID");
/* Do something here. */
} else {
wait(&child);
close(fm_fd);
}
}
Creates a file named filemon.out and configures the device to write the buffer contents to it.
HISTORY
A device appeared in Fx 9.1 .