libbpf-tools: add mountsnoop

This commit adds a new libbpf tool, mountsnoop.
It has the same functionality as its
counterpart in BCC tools. The default output
is the same.
```
$ mountsnoop
COMM PID TID MNT_NS CALL
dockerd 1827 1903 4026531840 mount("overlay", "/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/merged", "overlay", 0x0, "index=off,lowerdir=/data/docker/overlay2/l/GWTHHZ2C3PYGAJ5GLTWLHMHHKR,upperdir=/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/diff,workdir=/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/work") = 0
dockerd 1827 1903 4026531840 umount("/data/docker/overlay2/153e6b58322c64cf4b2aac1b9caba42d390481a7d33a2bffe0eb858943d49fb6-init/merged", MS_NOSUID) = 0
```
Also, we provide a detailed mode, enabled by the -d
option, which displays each mount/umount syscall
vertically with more fields. In this way, the
output looks more friendly.
```
$ mountsnoop -d -t
PID: 1827
TID: 1864
COMM: dockerd
OP: MOUNT
RET: 0
LAT: 246us
MNT_NS: 4026531840
FS: overlay
SOURCE: overlay
TARGET: /data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/merged
DATA: index=off,lowerdir=/data/docker/overlay2/l/GWTHHZ2C3PYGAJ5GLTWLHMHHKR,upperdir=/data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/diff,workdir=/data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/work
FLAGS: 0x0
PID: 1827
TID: 1864
COMM: dockerd
OP: UMOUNT
RET: 0
LAT: 95us
MNT_NS: 4026531840
FS:
SOURCE:
TARGET: /data/docker/overlay2/5fc51d4e4820082177751a8aadf3f42a751c86aff1e0efbc1a5e6af345ee205a-init/merged
DATA:
FLAGS: MS_NOSUID
```
Signed-off-by: Hengqi Chen <chenhengqi@outlook.com>