Skip to content

lsetxattr

Intro

lsetxattr - sets the value of a extended attribute in the filesystem

Description

The lsetxattr() system call sets the value of an extended attribute associated with a file or directory referenced by path. The attributes are interpreted according to the namespace indicated by the prefix argument. The value parameter is a byte array of size size that will be associated with the attribute identified by the pair of arguments (path, name).

The flags argument is currently undefined on Linux systems, and should be specified as 0.

Arguments

  • path:const char*[K] - A pointer to a string indicating the path of the file or directory.
  • name:const char*[K] - A pointer to a string with the name of the extended attribute to set.
  • value:const void*[K] - A pointer to a buffer with the value for the extended attribute.
  • size:size_t[K] - The size of the buffer.
  • flags:int[K] - A value that is currently undefined on Linux and should be specified as 0.

Available Tags

  • K - Originated from kernel-space.

Hooks

lsetxattr

Type

Kprobe

Purpose

To monitor the activity of lsetxattr syscalls.

Example Use Case

Real-time monitoring of lsetxattr syscalls being called to provide insights into the access and modification of extended file attributes on a system.

Issues

None

lgetxattr, fsetxattr, fgetxattr, listxattr, removexattr.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.