Bug #2916
closedDTrace in a zone should be able to access fds[]
0%
Description
Users in zones cannot have the dtrace_kernel privilege, and thus cannot presently gain access to the contents of DTrace fds[] array, most pertinently the path information for open files.
Users with only dtrace_proc should be able to read fds[] for processes that they can trace. This change enables that behaviour by providing access to the file_t for any file descriptor of the current thread via a new D subroutine -- getf(int fd) -- and arranging to ensure the underlying file_t is not freed until it is no longer in use by the probe.
It also raises our DTrace version to 1.10.
Upstream commit:
commit 6aeb8da105d6b0eefea62e369665d04ee7562bb8 Author: Bryan Cantrill <bryan@joyent.com> Date: Mon Jun 4 06:54:42 2012 +0000 OS-1237 need to be able to access fds[] from a non-global zone
and on github: https://github.com/joyent/illumos-joyent/commit/6aeb8da105d6b0eefea62e369665d04ee7562bb8
Updated by Joshua M. Clulow about 10 years ago
Updated by Electric Monk over 8 years ago
git commit b0f673c4626e4cb1db7785287eaeed2731dfefe8
Author: Bryan Cantrill <bryan@joyent.com> 2915 DTrace in a zone should see "cpu", "curpsinfo", et al 2916 DTrace in a zone should be able to access fds[] 2917 DTrace in a zone should have limited provider access Reviewed by: Joshua M. Clulow <josh@sysmgr.org> Reviewed by: Adam Leventhal <ahl@delphix.com> Approved by: Gordon Ross <gwr@nexenta.com>