This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: How does embedded C + annotations + privileges really play together?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/30/2012 04:30 PM, Frank Ch. Eigler wrote:
> Petr Muller <muller@redhat.com> writes:
>
>> Seems logical, but then there follows a description of "The
>> embedded-C code may contain markers to ...", which contains stuff
>> like '/* unprivileged */' and '/* guru */'. The first one says
>> that with these annotations it should be possible to use embedded
>> C even as a unprivileged user, and the second one seems simply
>> redundant.
>
> The /* guru */ markup is useful in embedded-C functions in the
> tapset. Normally, embedded-C code in the tapset is allowed to be
> called, without stap -g guru mode, because it is presumed to be
> safely/competently written. These are usually for direct
> invocation from within the tapset handlers themselves.
An example of restricting callers via /* guru */ use in tapsets can be
found in guru-delay.stp:
30 function mdelay(ms:long) %{
31 /* guru */
32 mdelay(THIS->ms);
33 %}
This restricts the use of the tapset to competent users (or at least:
users the administrator believes to be competent ;).
Regards,
Bryn.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/GQ9AACgkQ6YSQoMYUY95j1ACgsz/YzePHJc9KuSEg4lxn6cyQ
V5IAn0da26xiRtuody1iuP0yva77Opt/
=kUUF
-----END PGP SIGNATURE-----