This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.



Re: separating policy and mechanism


brad.chen wrote:

> > OK but recall my note during the face-to-face meeting that we need to
> > consider people reusing each other's script fragments in a way that
> > avoids automatically blessing those reused scripts as trusted.
>
> I don't see the conflict; re-used code would go into end-user
> scripts, not into tapset definitions, and so would not be trusted.

Sort of: My point was that it's a matter of point of view: one
person's reusable script fragment can be another person's "tapset", in
much the way that perl libraries can build upon one another.  Safety
privilege boundaries need not match reuse boundaries.  (This is a
parallel to the observation that safety privilege boundaries also need
not match a user's classification into "performance tweaker" versus
"kernel debugger".)

> I'm assuming that creating trusted code would require something like
> building all of Systemtap from source [...]

Only one of the possible tapset extension mechanisms is actually
likely to require the translator or runtime to be rebuilt.  I just
committed a partial new tapset section in the archpaper directory,
which may finally illuminate the promise of script-only tapsets.


- FChE

