This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
New Probe Points for Unprivileged Users
- From: Dave Brolley <brolley at redhat dot com>
- To: SystemTAP <systemtap at sources dot redhat dot com>
- Date: Thu, 10 Sep 2009 15:41:54 -0400
- Subject: New Probe Points for Unprivileged Users
Hi,
Support for limited probing by unprivileged users (not root, stapdev or
stapusr) was recently pushed to our git sources (see the NEWS file). The
number and type of probe points available to these users has
intentionally been restricted in the early stages of development and
testing.
Overall, the philosophy is that an unprivileged user should not be able
to use systemtap to affect the system in ways they would not normally be
able to or to obtain information that they would not normally be able to
obtain.
The current set of allowed probes is:
begin
begin(N)
end()
end(N)
error
error(N)
never
timer.*
process.begin
process.end
process("xxx").begin
process("xxx").end
process(N).begin
process(N).end
where process.* probes are restricted to the user's own processes.
I would like to expand the list of available probes to include the
remainder of the process.* probes where, once again, probes are
restricted to the user's own processes. Before doing so, I just wanted
to double check that this would not be exposing anything in violation of
the philosophy mentioned above. If you see any problems with exposing
the probe points below to unprivileged users, for their own processes,
then please let me know.
Thanks,
Dave
-------------------------------------
process.syscall
process.syscall.return
process.thread.begin
process.thread.end
process("xxx").function("yyy")
process("xxx").function("yyy").inline
process("xxx").function("yyy").call
process("xxx").function("yyy").return
process("xxx").function("yyy").return.maxactive
process("xxx").function("yyy").label("lll")
process("xxx").function(N)
process("xxx").function(N).inline
process("xxx").function(N).call
process("xxx").function(N).return
process("xxx").function(N).return.maxactive
process("xxx").insn
process("xxx").insn.block
process("xxx").mark("mmm")
process("xxx").mark(N)
process("xxx").statement("yyy")
process("xxx").statement(N)
process("xxx").syscall
process("xxx").syscall.return
process("xxx").thread.begin
process("xxx").thread.end
process(N).statement(N).absolute
process(N).statement(N).absolute.return
process(N).insn
process(N).insn.block
process(N).syscall
process(N).syscall.return
process(N).thread.begin
process(N).thread.end