statfs¶

Intro¶

statfs - copies information relating to mounted filesystems

Description¶

The statfs system call obtains details of the mounted file system specified by the path. The information is stored in the struct statfs, which is returned to the user at buf. The statfs system call is commonly used for finding out the total size of the file system, the number of available blocks or the number of free blocks.

Arguments¶

path:const char*[U] - path of the mounted file system
buf:struct statfs*[U] - pointer to a buffer where the statfs data will be stored

Available Tags¶

K - Originated from kernel-space.
U - Originated from user space (for example, pointer to user space memory used to get it)
TOCTOU - Vulnerable to TOCTOU (time of check, time of use)
OPT - Optional argument - might not always be available (passed with null value)

Hooks¶

sys_statfs¶

Type¶

Kprobe

Purpose¶

To keep track of when and how often the statfs system call is used.

Example Use Case¶

The statfs system call could be used to gather file system statistics, such as the size and number of free blocks, for monitoring the health of the system.

Issues¶

None.

mount (from which relevant statfs information can be obtained)

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.