It would be convenient if proctrace could keep track of which file descriptors were open at which points in time, including which ones were inherited via a fork.
Monitoring open and close syscalls is pretty straightforward, but determining which fds were inherited is less straightforward.
I think you find the file table through the $cur_task builtin variable, but it seems like in the actual kernel you're supposed to do this while holding some kind of lock, and we don't have that lock.
It would be convenient if
proctracecould keep track of which file descriptors were open at which points in time, including which ones were inherited via afork.Monitoring
openandclosesyscalls is pretty straightforward, but determining which fds were inherited is less straightforward.I think you find the file table through the
$cur_taskbuiltin variable, but it seems like in the actual kernel you're supposed to do this while holding some kind of lock, and we don't have that lock.