I am learning bpftrace. I tried to capture the getcwd system call when I run the cwd command, but I got no results.
bpftrace -e 'tracepoint:syscalls:sys_enter_getcwd {printf("called, command %s, process_id %d\n", comm, pid);}'
However, if I run strace pwd, I do get results. Why?
Have you had success with the most trivial one-liner examples, such as "hello world"?
bpftrace -e 'BEGIN { printf("hello world\n"); }'
There is nothing wrong with your command syntax; it works on my machine:
$ bpftrace -e 'tracepoint:syscalls:sys_enter_getcwd {printf("called, command %s, process_id %d\n", comm, pid);}'
Attaching 1 probe...
called, command runc:[2:INIT], process_id 783761
called, command runc:[2:INIT], process_id 783749
called, command bash, process_id 783761
called, command runc:[2:INIT], process_id 783748
called, command runc:[2:INIT], process_id 784099
called, command runc:[2:INIT], process_id 784092
called, command imgproxy, process_id 784099
called, command runc:[2:INIT], process_id 784129
called, command runc:[2:INIT], process_id 784142
called, command pg_isready, process_id 784092
called, command pg_isready, process_id 784092
called, command pg_isready, process_id 784092
called, command node, process_id 784129
called, command node, process_id 784142
^C
$