This is the mail archive of the
systemtap@sourceware.org
mailing list for the systemtap project.
Re: assigned_user_credentials = pr_stapdev
- From: Dave Brolley <brolley at redhat dot com>
- To: Henrik /KaarPoSoft <henrik at kaarposoft dot dk>
- Cc: systemtap at sourceware dot org
- Date: Mon, 25 Feb 2013 10:57:32 -0500
- Subject: Re: assigned_user_credentials = pr_stapdev
- References: <512A4559.70208@kaarposoft.dk>
Hi Henrik,
This certainly appears to be a bug of some kind. I will investigate but,
in the mean time, please take the time to create an official bug report.
See http://sourceware.org/systemtap/wiki/HowToReportBugs for assistance.
Thanks for reporting this,
Dave
On 02/24/2013 11:52 AM, Henrik /KaarPoSoft wrote:
Dear all,
Systemtap version 2.1.
I have created a small systemtap script and compiled with "stap
--privilege=stapsys".
As root, I can "staprun" the script just fine.
As root I have installed the script in "/lib/modules/`uname
-r`/systemtap".
If I try "staprun" as a user in groups staprun and stapsys (but NOT
stapdev), I get this error message:
ERROR: Your privilege credentials (stapdev) are insufficient to run
this module (stapsys required).
I find this a bit strange, as the user is NOT a member of stapdev as
claimed, but the user IS a member of stapsys as required.
The above scenario was working way back with systemtap version 1.8,
but is now failing with 2.1.
I looked at commit 429a4963, which introduced this around line 756 in
staprun/staprun_funcs.c:
if (assigned_user_credentials)
assigned_user_credentials = pr_stapdev;
If I change this to
assigned_user_credentials |= pr_stapdev;
the above scenario works like a charm.
As I have very limited knowledge of systemtap, I would appreciate your
comments on this workaround.
Am I doing something wrong, and should use a different combination of
privileges and groups?
Or is there really a problem with systemtap?
And if there IS a problem, is the above workaround the correct solution?
Any help on this would be most appreciated...
/Henrik