docs: add macOS learning mode analysis with fs_usage approach

Browse Source

Document fs_usage as a viable alternative to strace for macOS
--learning mode. SIP blocks all dtrace-based tools (dtrace, dtruss,
opensnoop) even with sudo, but fs_usage uses the kdebug kernel
facility which is unaffected. Requires admin access only for the
passive monitor process — the sandboxed command stays unprivileged.

...

This commit is contained in:

Mathieu Virbel

2026-02-22 19:07:30 -06:00

parent 62bf37d481

commit 4ea4592d75

1 changed files with 1151 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

1151

analysis.md Normal file

File diff suppressed because it is too large Load Diff