Bug #2916

DTrace in a zone should be able to access fds[]

Added by Joshua M. Clulow about 8 years ago. Updated over 6 years ago.

Status: Resolved
Priority: Normal
Category: -
Start date: 2012-06-22
% Done: 0%
Difficulty: Medium

Description

Users in zones cannot have the dtrace_kernel privilege, and thus cannot presently gain access to the contents of the DTrace fds[] array, most pertinently the path information for open files.

Users with only dtrace_proc should be able to read fds[] for processes that they can trace. This change enables that behaviour by providing access to the file_t for any file descriptor of the current thread via a new D subroutine -- getf(int fd) -- and arranging to ensure the underlying file_t is not freed until it is no longer in use by the probe.

It also raises our DTrace version to 1.10.

Upstream commit:

commit 6aeb8da105d6b0eefea62e369665d04ee7562bb8
Author: Bryan Cantrill <bryan@joyent.com>
Date:   Mon Jun 4 06:54:42 2012 +0000

    OS-1237 need to be able to access fds[] from a non-global zone

and on github: https://github.com/joyent/illumos-joyent/commit/6aeb8da105d6b0eefea62e369665d04ee7562bb8
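
A D script exercising the access described above, as an added example that is not part of the original report or of the illumos commit. The file name fdwrites.d and the choice of probes are assumptions; it is meant to be run with -p against a process the user is allowed to trace, on a system that has this change.

```dtrace
#!/usr/sbin/dtrace -s
/*
 * Added example: per-file write volume for one traced process, using
 * fds[] and getf() rather than direct kernel memory access.
 * Run as: dtrace -s fdwrites.d -p <pid>   (fdwrites.d is a made-up name)
 */
#pragma D option quiet

/* Only the target process: dtrace_proc covers processes the user can trace. */
syscall::write:entry
/pid == $target/
{
	/* fds[] translates the descriptor in arg0 into a fileinfo_t. */
	@bytes[fds[arg0].fi_pathname, fds[arg0].fi_fs] = sum(arg2);
}

/* The same path, read through the file_t that getf() returns. */
syscall::close:entry
/pid == $target/
{
	/* getf() yields NULL when arg0 is not an open descriptor. */
	this->fp = getf(arg0);
	printf("close fd %d: %s\n", arg0,
	    this->fp != NULL && this->fp->f_vnode->v_path != NULL ?
	    stringof(this->fp->f_vnode->v_path) : "<none>");
}

dtrace:::END
{
	printf("\n%-50s %-8s %s\n", "PATH", "FS", "BYTES");
	printa("%-50s %-8s %@d\n", @bytes);
}
```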

History

#2

Updated by Electric Monk over 6 years ago

git commit b0f673c4626e4cb1db7785287eaeed2731dfefe8

Author: Bryan Cantrill <bryan@joyent.com>

2915 DTrace in a zone should see "cpu", "curpsinfo", et al
2916 DTrace in a zone should be able to access fds[]
2917 DTrace in a zone should have limited provider access
Reviewed by: Joshua M. Clulow <josh@sysmgr.org>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Approved by: Gordon Ross <gwr@nexenta.com>

#3

Updated by Rich Lowe over 6 years ago

  • Status changed from New to Resolved
