
Is there a command to list all syscall names and numbers on linux in bash?

I know syscall 1 means write,

but is there a command to list all implemented syscall names and numbers on linux in bash?


The man page points to the header file sys/syscall.h. It has all the defined constants, and it's located at /usr/include/sys/syscall.h. (That's the location on OS X, which I'm using, but I think it'll be the same for most Linux distros, too.)


I tried @dolmen's answer, but it didn't work for me, so I did something similar like this (linux mint x86_64)

echo -e '#include <sys/syscall.h>' | \
cpp -dM | grep "#define __NR_.*[0-9]$" | \
cut -d' ' -f 2,3 | cut -d_ -f 4-

.. outputs about 500 lines like:

waitid 247
fdatasync 75
mq_getsetattr 245
sched_getaffinity 204
connect 42
epoll_pwait 281
init_module 175
....

I can create a sed command file with this:

echo -e '#include <sys/syscall.h>' | cpp -dM | grep "#define __NR_.*[0-9]$" | cut -d' ' -f 2,3 | cut -d_ -f 4- | sed 's|\(.*\) \(.*\)|s/syscall=\2 /syscall=\1 /|' > syscalls.sed

So I can translate those numbers from logs, like this:

dmesg | grep ' audit:' | sed -f syscalls.sed

which looks like:

[171511.625242] audit: type=AUDIT_AVC audit(1677790613.406:135): apparmor="DENIED" operation="capable" profile="/usr/bin/man" pid=211339 comm="nroff" capability=1  capname="dac_override"
[173576.575868] audit: type=AUDIT_SECCOMP audit(1677847162.251:136): auid=4294967295 uid=33 gid=33 ses=4294967295 pid=200272 comm="apache2" exe="/usr/sbin/apache2" sig=31 arch=c000003e syscall=madvise compat=0 ip=0x7f5cf03eea7b code=0x80000000
[173593.434960] audit: type=AUDIT_SECCOMP audit(1677847179.107:137): auid=4294967295 uid=33 gid=33 ses=4294967295 pid=200266 comm="apache2" exe="/usr/sbin/apache2" sig=31 arch=c000003e syscall=madvise compat=0 ip=0x7f5cf03eea7b code=0x80000000

(it converts '28' to 'madvise')
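
An added example, not part of the original answers: the same number-to-name translation done with awk, applied only to audit lines whose arch= field matches the table's ABI, and also matching syscall= when it is the last field on a line. The function names and all sample lines are constructed; c000003e is the x86_64 arch value seen in the log above and 40000003 is the 32-bit x86 value.

```shell
#!/bin/sh
# Added example; function names and all sample data are constructed.

# stdin: `cpp -dM` output. stdout: "number name" per plain-numeric __NR_ define.
syscall_table() {
    awk '$1 == "#define" && $2 ~ /^__NR_/ && $3 ~ /^[0-9]+$/ {
        print $3, substr($2, 6)
    }'
}

# decode_audit TABLE ARCH
# stdin: audit lines. Rewrites syscall=N to syscall=name, but only on lines
# whose arch= field equals ARCH, because the numbering differs per ABI.
# Rewritten lines have runs of whitespace collapsed to single spaces.
decode_audit() {
    awk -v arch="$2" '
        NR == FNR { name[$1] = $2; next }
        {
            a = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^arch=/) a = substr($i, 6)
            if (a == arch)
                for (i = 1; i <= NF; i++)
                    if ($i ~ /^syscall=[0-9]+$/ && (substr($i, 9) in name))
                        $i = "syscall=" name[substr($i, 9)]
            print
        }' "$1" -
}

demo() {
    tbl=$(mktemp) || return 1
    # Constructed stand-in for: echo '#include <sys/syscall.h>' | cpp -dM
    syscall_table > "$tbl" <<'EOF'
#define __NR_write 1
#define __NR_madvise 28
#define __NR_epoll_pwait 281
#define SYS_write __NR_write
EOF
    # Constructed audit lines: x86_64, 32-bit compat, syscall= as last field.
    decode_audit "$tbl" c000003e <<'EOF'
audit: type=AUDIT_SECCOMP pid=100 comm="demo" arch=c000003e syscall=28 compat=0
audit: type=AUDIT_SECCOMP pid=101 comm="demo32" arch=40000003 syscall=28 compat=1
audit: type=AUDIT_SECCOMP pid=102 comm="demo" arch=c000003e syscall=281
EOF
    rm -f "$tbl"
}

demo
```

The 32-bit line keeps its raw number because a table built from the x86_64 headers would mislabel it.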


Here is a oneliner that I just wrote. It works at least on Linux and requires a C compiler on the machine as it uses /usr/bin/cpp and system include files.

{ echo -e '#include <sys/syscall.h>\n#define X(c) #c c'; sed -n 's/#define \(SYS_[^ ]*\).*/X(\1)/p' $(echo -e '#include <sys/syscall.h>' | cpp | sed -n 's/# [0-9]* "\([^<"]*\)".*/\1/p') | sort -u; } | cpp -P | grep ' [0-9]*$'