pfiles for Linux

Problem

Someone asked if there is a Linux equivalent of the [http://www.scit.wlv.ac.uk/cgi-bin/mansec?1+pfiles Solaris pfiles tool]. pfiles is a Solaris proc utility that reports information of all open files by the process id. Eugene decided to write a similar tool with SystemTap.

Scripts

The script is too long to be listed here. Please download the [attachment:pfiles.stp script] instead.

Output

$ ./pfiles.stp -g `pgrep pidgin`
4038:  -pidgin
  Current rlimit: 256 file descriptors
   0: S_IFCHR mode:0666 dev:0,16 ino:1971 uid:500 gid:500 rdev:1,3
        O_RDONLY|O_LARGEFILE 
   1: S_IFIFO mode:0600 dev:0,6 ino:13796 uid:0 gid:42 rdev:0,0
        O_WRONLY 
   2: S_IFIFO mode:0600 dev:0,6 ino:13796 uid:0 gid:42 rdev:0,0
        O_WRONLY 
   3: S_IFSOCK mode:0777 dev:0,5 ino:18645 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
   4: S_IFIFO mode:0600 dev:0,6 ino:18647 uid:500 gid:500 rdev:0,0
        O_RDONLY 
   5: S_IFIFO mode:0600 dev:0,6 ino:18647 uid:500 gid:500 rdev:0,0
        O_WRONLY 
   6: S_IFSOCK mode:0777 dev:0,5 ino:18648 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
   7: S_IFSOCK mode:0777 dev:0,5 ino:18722 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
   8: S_IFIFO mode:0600 dev:0,6 ino:18650 uid:500 gid:500 rdev:0,0
        O_RDONLY 
   9: S_IFIFO mode:0600 dev:0,6 ino:18650 uid:500 gid:500 rdev:0,0
        O_WRONLY 
  10: S_IFIFO mode:0600 dev:0,6 ino:18651 uid:500 gid:500 rdev:0,0
        O_RDONLY 
  11: S_IFIFO mode:0600 dev:0,6 ino:18651 uid:500 gid:500 rdev:0,0
        O_WRONLY|O_NONBLOCK|O_NDELAY 
  12: S_IFIFO mode:0600 dev:0,6 ino:18653 uid:500 gid:500 rdev:0,0
        O_RDONLY 
  13: S_IFIFO mode:0600 dev:0,6 ino:18653 uid:500 gid:500 rdev:0,0
        O_WRONLY 
  14: S_IFSOCK mode:0777 dev:0,5 ino:18654 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC
  15: S_IFSOCK mode:0777 dev:0,5 ino:18658 uid:500 gid:500 rdev:0,0
        O_RDWR FD_CLOEXEC
  16: S_IFSOCK mode:0777 dev:0,5 ino:18674 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY 
  18: S_IFIFO mode:0600 dev:0,6 ino:18677 uid:500 gid:500 rdev:0,0
        O_WRONLY 
  19: S_IFIFO mode:0600 dev:0,6 ino:18678 uid:500 gid:500 rdev:0,0
        O_RDONLY 
  20: S_IFSOCK mode:0777 dev:0,5 ino:18744 uid:500 gid:500 rdev:0,0
        O_RDWR|O_NONBLOCK|O_NDELAY FD_CLOEXEC

Lessons

You can start writing useful systems tools that are not available in Linux with SystemTap. [http://sources.redhat.com/systemtap/wiki/WSPfiles pfiles] and [http://sources.redhat.com/systemtap/wiki/WSPlimit plimit] are excellent examples.


WarStories