On Sun, Aug 23, 2020 at 12:36 PM Ian <firstname.lastname@example.org> wrote:
Hello! Sorry for the wait, I just started back at uni and things are a little bit crazy around here!
Anyways, this is the source code for my version of open snoop. Which is what I have been testing with. This does not contain the changes for map reading. My goal is to have this open snoop file open/read a map with one element after it gets the PID to compare them. It is also worth noting that I am tracking both open and openat within the same file.
I don't see anything needing kernel BTF in there, so if libbpf still
fails on not being able to load kernel BTF, that might be a bug in
libbpf. Can you please double-check this with the latest released (or
just plain latest) libbpf and if that's still happening, please
provide debug-level logs from libbpf. Thank you!