Compare systrace against fsatrace, bigbro, traced-fs

[rrnewton]

I don't think we're close to a "release" (i.e. advertising systrace more widely) yet.

But with a future release in mind, it would be good to have a piece of documentation somewhere comparing against these other tracing methods.

[rrnewton]

With all these names that have "trace" as a suffix, I was wondering if there is something that characterizes what systrace does better than "sys". Alas it looks like "bintrace" is taken...

[wangbj]

It's hard to find a good naming, I chose it without too much thoughts, please suggest if you find any thing better :)

[wangbj]

traced-fs doesn't have any update for 3+ years, assume it was succeeded by fsatrace. fsatrace is based on LD_PRELOAD, it also only traces several filesystem related syscalls (interestingly, it also LD_PRELOAD fopen, which is libc function). So it has the limitations of LD_PRELOAD, such as:

• not able to intercept syscalls inside library itself, such as syscalls inside libc.so.6;
• not able to intercept static binaries

[wangbj]

bigbro seems use the similar approach as detTrace, by using seccomp and ptrace, Like fsatrace, it only traps filesystem related APIs, and patching is a non-goal as far as I can see.