Kernel facilities for tracking file accesses

From: J.C. Wren (
Date: Sat Jun 21 2003 - 17:45:41 EST

        Does any facility exist in the 2.4 and up kernels for logging *every* open,
read, write, seek, close, etc call? I'm trying to debug a problem in a
package I don't have source to, and I'm trying to prove that it's not
applying a configuration path option to files it's opening.

        Ideally, I'd like a kernel module I can load that I can apply a regexp or
limited pattern matchng to, and will log a selected group of operations as
defined by a bitmask or other configuration option. I would prefer something
that monitors the entire system, rather than trying to sandbox this
particular program (it runs as a daemon).

        Do the kernels have facilties for such tracking?


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Mon Jun 23 2003 - 22:00:36 EST