name_to_handle_at - Gets a handle for a path
The name_to_handle_at system call takes an open file descriptor dirfd of a directory and a path pathname relative to it. It returns a handle that can be used in the future to refer to the object specified by the path.
The use of this system call allows applications to keep track of objects even if the path to them changes due to mount/unmount operations or directory moves. It is similar to the openat system call, but the returned file handle is valid even if the process moves to another mount namespace.
The handle argument is the output that will be filled by the system call. The purpose of passing mount_id is to specify an exported or shared filesystem handle to be used instead of the name.
The flags argument is used to add additional information about the name resolution for the file handle.
int[K] - File descriptor of a directory used by name_to_handle_at.
const char*[K] - Path relative to the directory specified by the
struct file_handle*[K] - Memory address used to hold the output result (file handle).
int*[K] - Pointer to additional information of the exported filesystem.
int[K] - Flags used to add additional information on the name resolution of the file handle.
- K - Originated from kernel-space.
Kprobe + Uprobe
To trace each time a process calls the name_to_handle_at system call.
Example Use Case
When writing a file system monitoring application, it might be interesting to keep track of changes regarding objects in the file system associated with a certain process. The name_to_handle_at system call allows for that, by providing an efficient way to retrieve handles for the objects.
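An added example, not taken from the Tracee project: a C program that takes a file's handle, renames the file, and takes the handle again, showing that the handle still identifies the same object after the path changes. The struct name fh_buf, the helper names and the /tmp paths are assumptions of this example; it invokes the raw system call with flags set to 0.

```c
#define _GNU_SOURCE  /* exposes syscall() and mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Local mirror of the kernel's struct file_handle (name is an assumption). */
struct fh_buf {
    unsigned int handle_bytes;   /* in: capacity of f_handle; out: bytes used */
    int handle_type;             /* out: filesystem-specific handle type */
    unsigned char f_handle[128]; /* out: opaque handle, 128 = MAX_HANDLE_SZ */
};

/* Raw syscall: fills *fh and *mount_id for path. Returns 0, or -1 with errno. */
static int get_handle(const char *path, struct fh_buf *fh, int *mount_id) {
    fh->handle_bytes = sizeof(fh->f_handle);
    return (int)syscall(SYS_name_to_handle_at, AT_FDCWD, path, fh, mount_id, 0);
}

/* Two handles name the same object when type, length and bytes all match. */
static int handles_equal(const struct fh_buf *a, const struct fh_buf *b) {
    return a->handle_type == b->handle_type && a->handle_bytes == b->handle_bytes &&
           memcmp(a->f_handle, b->f_handle, a->handle_bytes) == 0;
}

/* Take a file's handle, rename the file, take the handle again. Returns 1 if
 * both match, 0 if not, -1 if handles are unavailable (EOPNOTSUPP, ENOSYS). */
int track_across_rename(void) {
    char dir[] = "/tmp/nthXXXXXX", a[64], b[64];   /* constructed sample paths */
    struct fh_buf before, after;
    int mnt_before, mnt_after, fd, rc = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(a, sizeof a, "%s/old", dir);
    snprintf(b, sizeof b, "%s/new", dir);
    if ((fd = open(a, O_CREAT | O_WRONLY, 0600)) >= 0) {
        close(fd);
        if (get_handle(a, &before, &mnt_before) == 0 && rename(a, b) == 0 &&
            get_handle(b, &after, &mnt_after) == 0)
            rc = handles_equal(&before, &after) && mnt_before == mnt_after;
    }
    unlink(a); unlink(b); rmdir(dir);
    return rc;
}

int main(void) {
    printf("same object after rename: %d\n", track_across_rename());
    return 0;
}
```

A result of -1 means the filesystem under /tmp or the running kernel does not produce file handles, which is common on some container filesystems.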
If mountIDs are used, the returned file handle may be unreliable if the filesystem is moved or unmounted in the meantime.
This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.