Friday Nov 08, 2013

Who keeps removing that file?

Over the years, I've had many times when some file gets removed and there's no obvious culprit.  With dtrace, it is somewhat easy to figure out:

 #! /usr/sbin/dtrace -wqs

syscall::unlinkat:entry
/cleanpath(copyinstr(arg1)) == "/dev/null"/
{
        stop();
        printf("%s[%d] stopped before removing /dev/null\n", execname, pid);
        system("ptree %d; pstack %d", pid, pid);
}

That script will stop the process trying to remove /dev/null before it does it.  You can allow it to continue by restarting (unstopping?) the command with prun(1) or killing it with kill -9.  If you want the command to continue automatically after getting the ptree and pstack output, you can add "; prun %d" and another pid argument to the system() call.

About

I'm a Principal Software Engineer in the Solaris Zones team. In this blog, I'll talk about zones, how they interact with other parts of Solaris, and related topics.

Search

Categories
Archives
« November 2013
SunMonTueWedThuFriSat
     
1
2
3
4
5
6
7
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
       
Today