This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.



FW: Re: pre-compiled systemtap modules - try2 feature request


Hi,

We will be deploying SystemTap to a large development/test/user production
environment and the pre-compiled modules are of great interest for us. We
are running RHEL4U2 with a 2.6.16 kernel with Ingo Molnar's RT patch set and
a modified glibc for PI. SystemTap basically works in our environment and has
helped us isolate problems with various parts of the RT kernel. We have
started to grow some simple scripts that are useful to our environment.
Unfortunately our security policy limits who can have root privileges to
less than 0.5% of our users. What we would like to do is have the majority
of our user base be able to run only pre-compiled modules which are blessed
by our internal security. This way we can make some diagnostic utilities
for the real-time environment without needing to give everybody root/sudo.

Any thoughts on how to do this via PAM/sticky bits or otherwise?

Dave
dave_sperry at ieeeDotOrg
> fche@redhat.com (Frank Ch. Eigler)
> Sent by: systemtap-owner@sourceware.org
> 09/14/2006 11:50 AM
> To: David Smith <dsmith@redhat.com>
> cc: "Martin M. Hunt" <hunt@redhat.com>, Systemtap List <systemtap@sources.redhat.com>
> Subject: Re: pre-compiled systemtap modules (try 2)

> 
> David Smith <dsmith@redhat.com> writes:
> 
> > [...]
> > > Instead of "-P", why not have stap just realize it's been given a
> > > module and it automatically does the right thing?
> >
> > Hmm.  You do have a point here, because with the patch it is 
> > possible to do something stupid like "stap -P foo.ko bar.stp".
> 
> We should consider separating the compile / run front-ends into 
> separate programs entirely, perhaps by promoting and renaming stpd 
> ("staprun")?  This makes sense further because we will want to make it 
> possible to install only a small subset of systemtap itself on a 
> deployment machine in order to run a pre-compiled script.
> 
> > > Why not "-S [dir]" so that the current directory is the default?
> >
> > That is certainly possible [...]
> 
> Actually, not really, with getopt.  A flag must or must not take a 
> parameter, otherwise it leads to parsing ambiguities.
> 
> - FChE
> 
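
The parsing ambiguity raised in the quoted reply about "-S [dir]", shown as an added example that is not part of the original message or of systemtap's code. It uses the "::" optional-argument form of getopt(), a GNU extension rather than POSIX; the names parse and struct parsed and the command lines are constructed for illustration.

```c
#include <getopt.h>
#include <stdio.h>
#include <string.h>

/* Illustrative names; this is not stap's option handling. */
struct parsed {
    int saw_S;          /* 1 if -S was seen */
    const char *dir;    /* argument getopt bound to -S, or NULL */
    const char *first;  /* first non-option argument, or NULL */
};

/* Parse argv with the given optstring and report how -S was interpreted. */
static struct parsed parse(const char *optstring, int argc, char **argv)
{
    struct parsed p = {0, NULL, NULL};
    int c;

    optind = 0;  /* glibc/musl: restart scanning so parse() can be called again */
    opterr = 0;  /* no diagnostics on stderr */
    while ((c = getopt(argc, argv, optstring)) != -1) {
        if (c == 'S') {
            p.saw_S = 1;
            p.dir = optarg;
        }
    }
    if (optind < argc)
        p.first = argv[optind];
    return p;
}

static void show(const char *optstring, int argc, char **argv)
{
    struct parsed p = parse(optstring, argc, argv);
    printf("optstring %-4s -S dir=%-8s script=%s\n", optstring,
           p.dir ? p.dir : "(none)", p.first ? p.first : "(none)");
}

int main(void)
{
    /* Constructed command lines. */
    char *detached[] = {"stap", "-S", "out", "bar.stp", NULL};
    char *attached[] = {"stap", "-Sout", "bar.stp", NULL};

    show("S::", 4, detached);  /* optional arg: "out" is taken as the script */
    show("S::", 3, attached);  /* an optional arg binds only when attached */
    show("S:", 4, detached);   /* required arg: "out" is the dir */
    return 0;
}
```

With an optional argument, "-S out bar.stp" silently treats "out" as the script name, which is the ambiguity a fixed "takes a parameter or does not" flag avoids.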