Trace open() syscalls
Install: bpfcc-tools.
Requirements: BPF. Check in /boot/config-* the following flags:
CONFIG_BPF=y CONFIG_BPF_SYSCALL=y
Also the kernel must support BPF.
1. open()
sudo opensnoop-bpfcc
2. failed open()
sudo opensnoop-bpfcc -x
3. of certain proc PID
sudo opensnoop-bpfcc -p PID