This is the mail archive of the
mailing list for the systemtap project.
Re: How does embedded C + annotations + privileges really play together?
- From: fche at redhat dot com (Frank Ch. Eigler)
- To: muller at redhat dot com
- Cc: systemtap at sourceware dot org
- Date: Wed, 30 May 2012 11:30:43 -0400
- Subject: Re: How does embedded C + annotations + privileges really play together?
- References: <email@example.com>
Petr Muller <firstname.lastname@example.org> writes:
> Seems logical, but then there follows a description of "The embedded-C
> code may contain markers to ...", which contains stuff like '/*
> unprivileged */' and '/* guru */'. The first one says that with these
> annotations it should be possible to use embedded C even as a
> unprivileged user, and the second one seems simply redundant.
The /* guru */ markup is useful in embedded-C functions in the tapset.
Normally, embedded-C code in the tapset is allowed to be called,
without stap -g guru mode, because it is presumed to be
safely/competently written. These are usually for direct invocation
from within the tapset handlers themselves.
Such functions may not be invoked from --privilege=stapusr mode at
all, unless they are instead marked /* unprivileged */. These