How do I use /dev/trace?

Mark Rosenthal mbr at aoa.UUCP
Tue Feb 6 07:30:30 AEST 1990


We have been running Ultrix 3.0 on our 8650 for close to a year.  Three times
in the past two weeks, we have found permissions on /tmp changed.  Naturally,
when that happens, half the programs in the known universe stop functioning.

I'd like to enable the SYS_TRACE option in the kernel, and write a daemon to
watch for chmod's on /tmp and report whatever information is available about
the process.  I've looked at the man page trace(5) and the include file
/usr/sys/h/systrace.h for clues as to how to use the trace device driver.
The information available is sketchy, to say the least.  Does anyone out there
have better documentation on how to use this?  Any examples?

My specific questions so far are:

 1) What ioctl's do I call, in what order, to indicate that I'm interested
    in chmod() sys calls?

 2) Do I pass a "trace" structure (as defined in systrace.h) as the third arg
    to ioctl()?  If not, what do I pass?  If so, that structure has positions
    for 16 pids, 16 uids, 16 syscalls, and 16 pgrps, but no places to store
    counts of the number of slots in use for each type of slot.  How does the
    driver know which slots contain data I'm interested in?  Is it based on
    the value in the slot?  If so, what value should I use to fill in the slots
    I'm not using?

 3) What are the "IOTR_GET..." ioctl() calls used for?  What about
    "IOTR_SET..."?  What is the meaning of "GET" vs. "SET" in this context?

 4) Once I've done the required ioctl()s to select the items I want to trace,
    I assume I read from the file descriptor.  Where can I find documentation
    on the format of the data that read() will return in the buffer?

Any help would be appreciated.
-- 
	Mark of the Valley of Roses
	...!bbn.com!aoa!mbr



More information about the Comp.unix.wizards mailing list