svn commit: r189063 - head/sys/kern
Alexander Leidinger
Alexander at Leidinger.net
Thu Feb 26 04:49:51 PST 2009
Quoting Robert Watson <rwatson at FreeBSD.org> (from Thu, 26 Feb 2009
10:57:13 +0000 (GMT)):
> On Thu, 26 Feb 2009, Robert Watson wrote:
>
>> Log:
>> Add static tracing for privilege checking:
>>
>> priv:kernel:priv_check:priv_ok fires for granted privileges
>> priv:kernel:priv_check:priv_errr fires for denied privileges
>>
>> The first argument is the requested privilege number. The naming
>> convention is a little different from the OpenSolaris equivilent
>> because we can't have '-' in probefunc names, and our privilege
>> namespace is different.
>
> A typical tracing command might be:
>
> dtrace -n 'priv:::priv_ok { trace(execname); trace(arg0);}'
>
> arg0 requires manual interpretation using /usr/include/sys/priv.h.
Theoretically it is possible to write a little script which takes
priv.h and generates a little bit of dtrace stuff which allows to
print out strings instead of numbers. But I think this is a matter of
motivation...
I would also use printf("program: %s, priv: $d\n", execname, arg0) or
something similar with printf, but this is cosmetics.
Should we create a repository of dtrace scripts in /usr/share or
wherever? For the linuxulator I have several scripts in my
linuxulator-dtrace branch (some more, some less useful for
non-developers).
Bye,
Alexander.
--
Never trust anybody whose arm is bigger than your leg.
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137
More information about the svn-src-all
mailing list