I'm probing sys_write system call using system tap to get modified file name along with UID.
Here is code snippet.
probe kernel.function ("vfs_write")
{
filename = user_string($file->f_dentry->d_name->name) // for 2.6.18 kernel.
printf ("%d %s\n",uid,filename)
}
I got sample program to get inode number as below
inode_nr = $file->f_path->dentry->d_inode->i_ino . This I changed to get file name, I'm getting file name as empty.
With above program i'm getting file name as unknown.
My question is does above code snippet is correct to get file name ? If not could somebody please let me know the correct implementation.
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
