I've the following one-liner to show files opened by process:
sudo dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'
however I've plenty of repeated errors such as:
dtrace: error on enabled probe ID 4 (ID 946: syscall::open_nocancel:entry): invalid user access in action #2 at DIF offset 24
dtrace: error on enabled probe ID 7 (ID 160: syscall::open:entry): invalid user access in action #2 at DIF offset 24
I'm aware that I can suppress them by redirecting to 2> /dev/null.
What these errors means and why they're happening?
Is it dtrace fault, or some specific process causing that? And how this problem can be addressed?
I'm using OS X 10.11.2
This is potentially related to El Capitan and its System Integrity Protection (csrutil status) which can affect the dtrace behaviour.
The potential fix includes rebooting Mac into recovery mode (⌘-R at boot time), then in Terminal run:
csrutil enable --without dtrace
to keep SIP enabled, but disable DTrace restrictions (note: this is undocumented parameter).
Or disable SIP completely by:
csrutil disable # Not recommended.
See:
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments