This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: How does embedded C + annotations + privileges really play together?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/30/2012 04:30 PM, Frank Ch. Eigler wrote:
> Petr Muller <muller@redhat.com> writes:
> 
>> Seems logical, but then there follows a description of "The
>> embedded-C code may contain markers to ...", which contains stuff
>> like '/* unprivileged */' and '/* guru */'. The first one says
>> that with these annotations it should be possible to use embedded
>> C even as a unprivileged user, and the second one seems simply
>> redundant.
> 
> The /* guru */ markup is useful in embedded-C functions in the
> tapset. Normally, embedded-C code in the tapset is allowed to be
> called, without stap -g guru mode, because it is presumed to be 
> safely/competently written.  These are usually for direct
> invocation from within the tapset handlers themselves.

An example of restricting callers via /* guru */ use in tapsets can be
found in guru-delay.stp:

  30 function mdelay(ms:long) %{
  31   /* guru */
  32   mdelay(THIS->ms);
  33 %}

This restricts the use of the tapset to competent users (or at least:
users the administrator believes to be competent ;).

Regards,
Bryn.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk/GQ9AACgkQ6YSQoMYUY95j1ACgsz/YzePHJc9KuSEg4lxn6cyQ
V5IAn0da26xiRtuody1iuP0yva77Opt/
=kUUF
-----END PGP SIGNATURE-----
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]