This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Here's the latest on being able to run systemtap without root privileges required.
"stapusr" - Systemtap user, who can only run "blessed" kernel modules that someone in the "stapdev" group has compiled and put in /lib/modules/`uname -r`/systemtap.
staprun (which is setuid root) starts up and checks the user's permissions (as outlined above). If the user has the correct permissions, staprun inserts the kernel module, fixes up ownership on relayfs files, then forks and execs (as the user) "staprun_io", which does all the reading of data/commands from the modules. staprun waits for "staprun_io" to finish. After staprun_io finishes, staprun removes the module (if needed).
I've attached a compressed patch which implements the above. (The patch is big because of all of the code rearranging I've done down in src/runtime/staprun along with regenerating Makefile.in.)
-- David Smith dsmith@redhat.com Red Hat http://www.redhat.com 256.217.0141 (direct) 256.837.0057 (fax)
Attachment:
diffs.txt.bz2
Description: application/bzip
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |