DTrace in a zone should be able to access fds
Users in zones cannot have the dtrace_kernel privilege, and thus cannot presently gain access to the contents of DTrace fds array, most pertinently the path information for open files.
Users with only dtrace_proc should be able to read fds for processes that they can trace. This change enables that behaviour by providing access to the file_t for any file descriptor of the current thread via a new D subroutine -- getf(int fd) -- and arranging to ensure the underlying file_t is not freed until it is no longer in use by the probe.
It also raises our DTrace version to 1.10.
commit 6aeb8da105d6b0eefea62e369665d04ee7562bb8 Author: Bryan Cantrill <firstname.lastname@example.org> Date: Mon Jun 4 06:54:42 2012 +0000 OS-1237 need to be able to access fds from a non-global zone
Updated by Electric Monk over 8 years ago
Author: Bryan Cantrill <email@example.com> 2915 DTrace in a zone should see "cpu", "curpsinfo", et al 2916 DTrace in a zone should be able to access fds 2917 DTrace in a zone should have limited provider access Reviewed by: Joshua M. Clulow <firstname.lastname@example.org> Reviewed by: Adam Leventhal <email@example.com> Approved by: Gordon Ross <firstname.lastname@example.org>