open_tree¶
Intro¶
open_tree - open a file relative to a directory file descriptor
Description¶
open_tree is an Linux system call available since kernel 3.3. It can be used to open a file relative to an open directory file descriptor. It is similar to open but allows the opening of a file relative to an open directory file descriptor which can make the creation of an absolute path easier.
Advantages of using this syscall include reducing the number of calls needed to build an absolute path.
Drawbacks include lack of compatibility until kernel 3.3.
Arguments¶
dfd
:int
- File descriptor of the directory used as base for the relative path of the file to open.filename
:const char*
- The pathname relative to the directory referenced by the file descriptor.flags
:unsigned int
[K] - Flags to be used when opening the file.
Available Tags¶
- K - Originated from kernel-space.
Hooks¶
do_sys_open¶
Type¶
kprobe
Purpose¶
To get details about when, and with which arguments, open_tree is called.
Example Use Case¶
open_tree is useful when particularially when the path of the file to open needs to be known before it is open, such as when opening a configuration file.
Issues¶
Since open_tree is a relatively new system call, kernel versions before 3.3 do not support it.
Related Events¶
open: similar Linux system call for opening files, but does not support relative paths.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.