On Wed 09 Jan 2008 at 09:19PM, Chad Mynhier wrote:
> On Jan 9, 2008 1:26 AM, Adam Leventhal <[EMAIL PROTECTED]> wrote:
> > I forgot to mention that there's a rather large caveat here. If a user
> > has the dtrace_user or dtrace_kernel privilege, but _not_ the dtrace_proc
> > privilege he won't be able to use pid provider probes.
> >
> > I think the two options are to either support both breakpoints in libdtrace
> > as a fallback position, to work on getting dtrace_proc in the list of
> > default
> > (basic) privileges, or give up on the bug for now.
>
> Yeah, that's fairly major. I'd prefer to fix this bug and get the
> appropriate privileges into the set of basic privileges.
I think this will have a potential knock-on effect for zones, since
dtrace_proc isn't in the set a zone (even a zone root user) has by
default. We could change that, although the received wisdom up until
now has been that zones should not be granted dtrace_proc or dtrace_user
by default.
-dp
--
Daniel Price - Solaris Kernel Engineering - [EMAIL PROTECTED] - blogs.sun.com/dp
_______________________________________________
dtrace-discuss mailing list
[email protected]
