BCC script to trace openat

bcc_openat_tracepoint.py

#!/usr/bin/env python3

from bcc import BPF

b = BPF(text="""
TRACEPOINT_PROBE(syscalls, sys_enter_openat) {
  bpf_trace_printk("sys_enter_openat mode:%ld filename:%s (%ld)\\n", args->mode, args->filename, args->filename);

  return 0;
}
""")

while 1:
  try:
    (task, pid, cpu, flags, ts, msg) = b.trace_fields()

  except ValueError:
    continue

  print("%-18.9f %-16s %-6d %s" % (ts, task, pid, msg))