DTrace in a zone should have limited provider access
Users in zones cannot have the dtrace_kernel privilege, and thus cannot presently utilise various stable probe providers; in particular: proc, sched, vminfo and sysinfo.
This change allows SDT probes to specify that they may be enabled within a zone, but with potentially no access to probe arguments to prevent privileged information escaping.
commit 6362fa2ef8de603055ef378e03d09a4330b91a98 Author: Bryan Cantrill <email@example.com> Date: Wed Jun 6 06:15:33 2012 +0000 OS-1247 need limited access to some DTrace providers in the non-global zone
Updated by Electric Monk about 6 years ago
Author: Bryan Cantrill <firstname.lastname@example.org> 2915 DTrace in a zone should see "cpu", "curpsinfo", et al 2916 DTrace in a zone should be able to access fds 2917 DTrace in a zone should have limited provider access Reviewed by: Joshua M. Clulow <email@example.com> Reviewed by: Adam Leventhal <firstname.lastname@example.org> Approved by: Gordon Ross <email@example.com>