Log openat modes instead of every read / write

Question

Log openat modes instead of every read / write

Closed this issue 4 years ago · 0 comments

Right now we are intercepting every read and write. This is expensive and noisy. For now, let's instead log open calls by their mode. If a file is opened for reading only, we assume it's been read. If a file is opened with writing only, we assume it was written to. If it opens for both, we assume it was read and written.

Remove read and write handling in event loop
Stop intercepting read and write
Extend handling of openat to report the mode the file is opened in
move this logic to a helper function handle_openat()
call this function in the posthook, not the prehook. The fd is not correct until the posthook, and we only want to report successful openings in read, write, or read/write mode, and successful file creations