I have a non-global zone with apache processes.
I have set the following with zonecfg:
limitpriv: default,dtrace_proc,dtrace_user
I can now trace my apache processes as root from the global zone, but not as
normal user.
I added this as normal user in the file /etc/ouser_attr:
saf::::type=normal;defaultpriv=basic,dtrace_proc,dtrace_user,dtrace_kernel,proc_owner,proc_zone;profiles=Primary
Administrator;roles=root
However it does not work:
# id
uid=0(root) gid=0(root)
# dtrace -l | grep php | wc -l
48
# exit
$ id
uid=101(saf) gid=10(staff) groups=10(staff),0(root),80(webservd)
$ dtrace -l | grep php | wc -l
24
Why I can't see with dtrace my other 24 processes which runs in a non-global
zone?
--
This message posted from opensolaris.org
