Domanda
On a very constrained embedded Linux system, I wish to log all files that are opened/mapped/whatever for read and or write. In other words, all files that are accessed at least once. What would be the best approach? Because of "some" constraints, I would prefer NOT to modify/hack the file system, init scripts and the user-space level... I think that I would prefer to do things in the kernel. Even an insertion of printk in the right functions would be acceptable. If that matters, I'm using an ext3 filesystem.
Soluzione
Answering my own question. Patching the kernel file system driver is a working solution:
https://stackoverflow.com/questions/21535496
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianchar *buf = (char*)__get_free_page(GFP_USER);
char *name = dentry_path_raw(file->f_dentry, buf, PAGE_SIZE);
printk("FILE OPEN read: %d write: %d %s\n", file->f_mode & FMODE_READ, file->f_mode & FMODE_WRITE, name);
free_page((unsigned long)buf);
