Can't trace Go code on Linux

jacereda / fsatrace

Filesystem access tracer

ISC License

78 stars 12 forks source link

Can't trace Go code on Linux #24

Open ndmitchell opened 5 years ago

ndmitchell commented 5 years ago

As an example, given the go code:

package main

import (
    "fmt"
    "io/ioutil"
    "os"
)

func main() {
    b, err := ioutil.ReadFile(os.Args[1])
    if err != nil {
        fmt.Print(err)
    }
    fmt.Print(string(b))
}

Save that as main.go and compile it with go build -o main main.go. fsatrace does not detect the read. I believe the cause will be that go does not use dynamic libraries but jumps straight to syscalls.

jacereda commented 5 years ago

That's right, and this is a dead end in this case. The code injection depends on injecting libc with a preload. At some point I started a FUSE filesystem that was almost ready, but since fsatrace worked fine for my use case I stopped development. Here is the repo:

https://github.com/jacereda/traced-fs

droundy commented 5 years ago

You could alternatively use libbigbro to track changes on linux. Bigbro uses ptrace internally, so it can handle go just fine, since it's tracking the system calls. ptrace does have its own limitations, since it is sometimes disabled in container systems like docker.