On Jan 9, 2008 10:27 PM, Dan Price <[EMAIL PROTECTED]> wrote: > > On Wed 09 Jan 2008 at 09:19PM, Chad Mynhier wrote: > > On Jan 9, 2008 1:26 AM, Adam Leventhal <[EMAIL PROTECTED]> wrote: > > > > > > I think the two options are to either support both breakpoints in > > > libdtrace > > > as a fallback position, to work on getting dtrace_proc in the list of > > > default > > > (basic) privileges, or give up on the bug for now. > > > > Yeah, that's fairly major. I'd prefer to fix this bug and get the > > appropriate privileges into the set of basic privileges. > > I think this will have a potential knock-on effect for zones, since > dtrace_proc isn't in the set a zone (even a zone root user) has by > default. We could change that, although the received wisdom up until > now has been that zones should not be granted dtrace_proc or dtrace_user > by default.
Hey, Dan, Thanks for pointing this out. I'm curious: are these not part of the default privileges for zones because there are known issues with violating the fault boundary ceated by zones, or is it just that nobody has had the time to fully look at the issue? (I can see 2006/124 but not 2002/174 or 2002/188. Do you know if the answer is somewhere else I can see?) I guess the real question is, would I be tilting at windmills if I wanted to get this changed? Chad _______________________________________________ dtrace-discuss mailing list [email protected]
