Hi all,
I'm probing sys_write system call using system tap to get modified file
name along with UID.
Here is code snippet.
probe kernel.function ("vfs_write")
{
filename = user_string($file->f_dentry->d_name->name) // for
2.6.18 kernel.
printf ("%d %s\n",uid,filename)
}
I got sample program to get inode number as below
inode_nr = $file->f_path->dentry->d_inode->i_ino . This I changed to get
file name, I'm getting file name as empty.
With above program i'm getting file name as unknown.
My question is does above code snippet is correct to get file name ? If not
could somebody please let me know the correct implementation.
_______________________________________________
Kernelnewbies mailing list
[email protected]
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
