#include <linux/sched.h>
#include <linux/mm_types.h>
tracepoint:syscalls:sys_enter_open,
tracepoint:syscalls:sys_enter_openat
/args->flags & 00000100/
{
printf("%s\t%d\t%d\tCREATE\t%s\t%s\n",
strftime("%FT%T",nsecs), pid, uid, comm, str(args->filename));
}
tracepoint:syscalls:sys_enter_mkdir,
tracepoint:syscalls:sys_enter_mkdirat
{
printf("%s\t%d\t%d\tMKDIR\t%s\t%s %3o\n",
strftime("%FT%T",nsecs), pid, uid, comm, str(args->pathname), args->mode&0777);
}
tracepoint:syscalls:sys_enter_rmdir
{
printf("%s\t%d\t%d\tRMDIR\t%s\t%s\n",
strftime("%FT%T",nsecs), pid, uid, comm, str(args->pathname));
}
tracepoint:syscalls:sys_enter_unlink,
tracepoint:syscalls:sys_enter_unlinkat
{
printf("%s\t%d\t%d\tUNLINK\t%s\t%s\n",
strftime("%FT%T",nsecs), pid, uid, comm, str(args->pathname));
}
tracepoint:syscalls:sys_enter_link,
tracepoint:syscalls:sys_enter_linkat
{
printf("%s\t%d\t%d\tLINK\t%s\t%s %s\n",
strftime("%FT%T",nsecs), pid, uid, comm, str(args->oldname), str(args->newname));
}
tracepoint:syscalls:sys_enter_rename,
tracepoint:syscalls:sys_enter_renameat,
tracepoint:syscalls:sys_enter_renameat2
{
printf("%s\t%d\t%d\tRENAME\t%s\t%s %s\n",
strftime("%FT%T",nsecs), pid, uid, comm, str(args->oldname), str(args->newname));
}
tracepoint:syscalls:sys_enter_chmod,
tracepoint:syscalls:sys_enter_fchmodat
{
printf("%s\t%d\t%d\tCHMOD\t%s\t%s %3o\n",
strftime("%FT%T",nsecs), pid, uid, comm, str(args->filename), args->mode&0777);
}
tracepoint:syscalls:sys_enter_chown,
tracepoint:syscalls:sys_enter_lchown,
tracepoint:syscalls:sys_enter_fchownat
{
printf("%s\t%d\t%d\tCHOWN\t%s\t%s %d %d\n",
strftime("%FT%T",nsecs), pid, uid, comm, str(args->filename), args->user, args->group);
}
