
name_to_handle_at

Intro

name_to_handle_at - Gets a handle for a path

Description

The name_to_handle_at system call takes an open file descriptor dirfd of a directory and a path pathname relative to it, and returns a handle that can be used in the future to refer to the object specified by the path.

The use of this system call allows applications to keep track of objects even if the path to them changes due to mount/unmount operations or directory moves. It is similar to the openat system call, but the returned file handle is valid even if the process moves to another mount namespace.

The handle argument is the output that will be filled by the system call. The purpose of passing mount_id is to specify an exported or shared filesystem handle to be used instead of the name. flags is used to add additional information about the name resolution for the file handle.
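The claim that a handle keeps referring to the same object after its path changes can be checked directly. The following C program is an added example, not code from Tracee or from the original page: it takes a handle for a directory through a dirfd, renames the directory, takes the handle again, and compares the two. The names fh_buf, FH_MAX, get_handle, handle_survives_rename and the nth_demo.* entries are constructed for illustration; it assumes a writable /tmp on a filesystem that supports file handles, and it invokes the call through syscall(2) with its own copy of the struct file_handle layout.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#define FH_MAX 128 /* buffer size chosen here; equals the kernel's MAX_HANDLE_SZ */

/* Same layout as struct file_handle, with a fixed-size f_handle buffer. */
struct fh_buf {
    unsigned int handle_bytes;   /* in: buffer size, out: bytes used */
    int handle_type;             /* out: filesystem-specific handle type */
    unsigned char f_handle[FH_MAX];
};

/* Fills fh and mount_id for path; returns 0 or -errno (e.g. -EOPNOTSUPP). */
int get_handle(int dirfd, const char *path, struct fh_buf *fh, int *mount_id) {
    fh->handle_bytes = FH_MAX;
    if (syscall(SYS_name_to_handle_at, dirfd, path, fh, mount_id, 0) == -1)
        return -errno;
    return 0;
}

/* 1 if the handle is identical after a rename, 0 if not, -errno on error. */
int handle_survives_rename(const char *dir) {
    const char *a = "nth_demo.old", *b = "nth_demo.new"; /* constructed names */
    struct fh_buf h1, h2;
    int m1 = -1, m2 = -1, rc, dfd = open(dir, O_RDONLY | O_DIRECTORY);
    if (dfd == -1)
        return -errno;
    rc = mkdirat(dfd, a, 0700) == -1 ? -errno : get_handle(dfd, a, &h1, &m1);
    if (rc == 0 && renameat(dfd, a, dfd, b) == -1)
        rc = -errno;
    if (rc == 0)
        rc = get_handle(dfd, b, &h2, &m2);   /* same object, new pathname */
    unlinkat(dfd, a, AT_REMOVEDIR);          /* clean up whichever name exists */
    unlinkat(dfd, b, AT_REMOVEDIR);
    close(dfd);
    if (rc != 0)
        return rc;
    return m1 == m2 && h1.handle_type == h2.handle_type &&
           h1.handle_bytes == h2.handle_bytes &&
           !memcmp(h1.f_handle, h2.f_handle, h1.handle_bytes);
}

int main(void) { printf("%d\n", handle_survives_rename("/tmp")); return 0; }
```

A successful run makes two name_to_handle_at calls, one per get_handle invocation, so a tracer attached to this event should report two entries for the process.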

Arguments

  • dirfd:int[K] - File descriptor of a directory used by name_to_handle_at.
  • pathname:const char*[K] - Path relative to the directory specified by the dirfd file descriptor.
  • handle:struct file_handle*[K] - Memory address used to hold the output result (file handle).
  • mount_id:int*[K] - Pointer to additional information about the exported filesystem.
  • flags:int[K] - Flags used to add additional information on the name resolution of the file handle.

Available Tags

  • K - Originated from kernel-space.

Hooks

sys_name_to_handle_at

Type

Kprobe + Uprobe

Purpose

To trace each time a process makes a name_to_handle_at system call.

Example Use Case

When writing a file system monitoring application, it might be interesting to keep track of changes regarding objects in the file system associated with a certain process. The name_to_handle_at system call allows for that, by providing an efficient way to retrieve handles for the objects.

Issues

If mount IDs are used, the returned file handle may be unreliable if the filesystem is moved or unmounted in the meantime.

openat

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.