> syscalltrack also has better filtering than strace, and supports
> actions - fail the system call if it passed that filter, suspend the
> process if it passed that filter, etc.
I can do that with ptrace, too. See subterfugue.
> Basically, there are things which strace is good for, and there are
> things subterfuge is good for, and there are things syscalltrack is
> good for. Use the right tool for the job. You can see more about
> syscalltrack's capabilities on the website.
Agreed, whole system under subterfugue would be a pain.
> [1] You can probably emulate syscalltrack's system wide behaviour by
> ptracing init and all of its forked children, but your system will
> slow to a crawl. With syscalltrack, you'll barely feel anything.
Agreed, speed difference is *huge*.
Pavel
-- Casualities in World Trade Center: ~3k dead inside the building, cryptography in U.S.A. and free speech in Czech Republic. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/