[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to reconstruct file path from PATH records?



On Tuesday, December 07, 2010 01:21:27 am Dilin Mao wrote:
>    We are developing a system to monitor file operations, the difficulties
> is how to reconstruct file path from audit records. we have written some
> testcases for system calls of file/dir operation, and found that the
> numbers of path records differs when we try different combinations of
> absolute or relative pathname.  For rename/renameat function, we have seen
> four or five path records per system call, for link/linkat function, the
> number of path records is two or three. Is there any rule for how the path
> records is generated?
 
I was hoping one of the kernel developers was going to answer this. 
 

>    We have also found that the file path can't be reconstruct correctly
> sometimes.  Taken linkat function as  example:

By any chance, can you share the testcase source code? I'm sure I could write it from 
scratch, but it might help expedite the discussion if you could share that.

Thanks,
-Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]