Bug #2916: DTrace in a zone should be able to access fds[] - illumos gate - illumos

Bug #2916

DTrace in a zone should be able to access fds[]

Added by Joshua M. Clulow about 8 years ago. Updated over 6 years ago.

Status:

Resolved

Priority:

Normal

Assignee:

Joshua M. Clulow

Category:

Start date:

2012-06-22

Due date:

% Done:

Estimated time:

Difficulty:

Medium

Tags:

Gerrit CR:

Description

Users in zones cannot have the dtrace_kernel privilege, and thus cannot presently gain access to the contents of DTrace fds[] array, most pertinently the path information for open files.

Users with only dtrace_proc should be able to read fds[] for processes that they can trace. This change enables that behaviour by providing access to the file_t for any file descriptor of the current thread via a new D subroutine -- getf(int fd) -- and arranging to ensure the underlying file_t is not freed until it is no longer in use by the probe.

It also raises our DTrace version to 1.10.

Upstream commit:

commit 6aeb8da105d6b0eefea62e369665d04ee7562bb8
Author: Bryan Cantrill <bryan@joyent.com>
Date:   Mon Jun 4 06:54:42 2012 +0000

    OS-1237 need to be able to access fds[] from a non-global zone

and on github: https://github.com/joyent/illumos-joyent/commit/6aeb8da105d6b0eefea62e369665d04ee7562bb8

History

Updated by Joshua M. Clulow about 8 years ago

webrev: http://cr.illumos.org/~webrev/jclulow/2916/

Updated by Electric Monk over 6 years ago

git commit b0f673c4626e4cb1db7785287eaeed2731dfefe8

Author: Bryan Cantrill <bryan@joyent.com>

2915 DTrace in a zone should see "cpu", "curpsinfo", et al
2916 DTrace in a zone should be able to access fds[]
2917 DTrace in a zone should have limited provider access
Reviewed by: Joshua M. Clulow <josh@sysmgr.org>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Approved by: Gordon Ross <gwr@nexenta.com>

Updated by Rich Lowe over 6 years ago

Status changed from New to Resolved

Also available in: Atom PDF

Project

General

Profile

illumos gate

Issues