This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Systemtap with no root required


Here's the latest on being able to run systemtap without root privileges
required.

Here's a description of the current plan. There are 2 linux groups (feel free to suggest better names):

"stapdev" - Systemtap developer, who can do anything with systemtap

"stapusr" - Systemtap user, who can only run "blessed" kernel modules
that someone in the "stapdev" group has compiled and put in
/lib/modules/`uname -r`/systemtap.

staprun (which is setuid root) starts up and checks the user's
permissions (as outlined above).  If the user has the correct
permissions, staprun inserts the kernel module, fixes up ownership on
relayfs files, then forks and execs (as the user) "staprun_io", which
does all the reading of data/commands from the modules.  staprun waits
for "staprun_io" to finish.  After staprun_io finishes, staprun removes
the module (if needed).

I've attached a compressed patch which implements the above.  (The
patch is big because of all of the code rearranging I've done down in
src/runtime/staprun along with regenerating Makefile.in.)

I've run the test suite on rhel4 (x86_64) and fc7 (x86) with no
regressions (except for 1 syscall test on x86 that I'm looking into). What's left? I've got documentation and ChangeLog entries
to write.


Anyone got any thoughts or comments?

Thanks.

--
David Smith
dsmith@redhat.com
Red Hat
http://www.redhat.com
256.217.0141 (direct)
256.837.0057 (fax)

Attachment: diffs.txt.bz2
Description: application/bzip


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]