
Failure to trace some syscalls with eBPF


I am using bcc to trace several syscalls. Why is it that I can trace syscalls like write, close, and fchown using a simple attach_kprobe, but can't trace syscalls like stat and fstat?

I assume that there are other syscalls that I can't trace, but I haven't found which ones. How can I trace stat and fstat, and how are these different from the usual write and close?

Sample code:

from bcc import BPF

# prog holds the C source shown below
b = BPF(text=prog)
b.attach_kprobe(event=b.get_syscall_fnname("fstat"), fn_name="syscall_fstat")

In my prog I do a simple print:

int syscall_fstat(void *ctx){
    bpf_trace_printk("fstat\n");
    return 0;
}

Solution

  • Instead of using stat I should be using newstat.
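
A pre-flight check for the rename described in the solution, as an added example that is not part of the original post: it looks up each syscall name in a symbol listing in /proc/kallsyms format and falls back to the "new"-prefixed name when the plain one is absent. The helper names, the prefix list and the sample symbol listing are assumptions constructed for illustration.

```python
# Added example (not from the original post): find the kernel symbol that
# actually exists for a syscall name before attaching a kprobe to it.

# Constructed sample in /proc/kallsyms format: address, type, symbol.
SAMPLE_KALLSYMS = """\
ffffffff81300000 T __x64_sys_write
ffffffff81300100 T __x64_sys_close
ffffffff81300200 T __x64_sys_fchown
ffffffff81300300 T __x64_sys_newstat
ffffffff81300400 T __x64_sys_newfstat
ffffffff81300500 T __x64_sys_newlstat
ffffffff81300600 t do_sys_openat2
"""

# Assumed syscall entry-point prefixes; extend for other architectures.
PREFIXES = ("__x64_sys_", "__arm64_sys_", "sys_")


def load_text_symbols(kallsyms_text):
    """Return the set of text-section symbols (type t or T)."""
    symbols = set()
    for line in kallsyms_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1] in ("t", "T"):
            symbols.add(parts[2])
    return symbols


def resolve_syscall_symbol(name, symbols):
    """Map a syscall name to an existing kernel symbol, or None."""
    # Try the plain name first, then the "new" variant (stat -> newstat).
    for candidate in (name, "new" + name):
        for prefix in PREFIXES:
            if prefix + candidate in symbols:
                return prefix + candidate
    return None


def resolve_all(names, kallsyms_text=SAMPLE_KALLSYMS):
    """Resolve several syscall names against one symbol listing."""
    symbols = load_text_symbols(kallsyms_text)
    return {name: resolve_syscall_symbol(name, symbols) for name in names}


if __name__ == "__main__":
    for name, sym in resolve_all(["write", "fstat", "stat", "openat"]).items():
        print(f"{name:8} -> {sym or 'no matching symbol, kprobe will not attach'}")
```

On a live system, pass the contents of /proc/kallsyms as `kallsyms_text` and hand the resolved symbol to `attach_kprobe(event=...)`.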