Date: Sun, 4 Aug 2013 08:17:54 -0700 From: "Simon J. Gerraty" <sjg@juniper.net> To: Jilles Tjoelker <jilles@stack.nl> Cc: svn-src-head@FreeBSD.org, svn-src-all@FreeBSD.org, Hiroki Sato <hrs@FreeBSD.org>, src-committers@FreeBSD.org Subject: Re: svn commit: r253887 - head/sys/dev/filemon Message-ID: <20130804151754.8189758097@chaos.jnpr.net> In-Reply-To: <20130804100304.GB35080@stack.nl> References: <201308021444.r72EiBk2059771@svn.freebsd.org> <20130802152204.GA1880@stack.nl> <20130804.121523.488481502477873993.hrs@allbsd.org> <20130804100304.GB35080@stack.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
>> Thank you for your comments. Can you review the attached patch? If >> there is no problem, I will commit this and MFC to stable branches. Looks good. But don't commit it untested ;-) I can test it for you. >Perhaps it is best to commit this patch, but also add a warning to >filemon(4) that it should not be loaded on systems with untrusted users >or the permissions on /dev/filemon should be restricted (via >/etc/devfs.rules). That would largely defeat the purpose. This driver was written to overcome issues with dtrace: a/ it needed privs beyond normal user b/ it could not reliably provide path of binary being exec'd c/ performace #b is probably fixable, but the fix could not be relied on to exist everywhere. This driver looks at a very limited set of syscalls, and does not report anything beyond pathnames read/written/exec'd. In the NetBSD version I even dropped stat calls as being unnecessary (for make). dtrace would meet many of Robert's criteria for a general purpose functionality but allows far more functionality, and apart from the issues above, cannot (I'm told) be ported to linux. A simple driver like this can be.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130804151754.8189758097>