diff options
| author | Frank Ch. Eigler <fche@elastic.org> | 2009-09-15 18:29:45 -0400 |
|---|---|---|
| committer | Frank Ch. Eigler <fche@elastic.org> | 2009-09-15 18:29:45 -0400 |
| commit | da23eceb71cc70668ab9dfd80d318b3837703d9d (patch) | |
| tree | dcfb85f50cf035213bde1836d2167ceca00c8205 /NEWS | |
| parent | 2260f4e32eb4c0b4cc95e4bef8ccdc5dc66261af (diff) | |
| parent | 24fcff20ed7a4a9f2b772c572db28ee8df49161f (diff) | |
| download | systemtap-steved-da23eceb71cc70668ab9dfd80d318b3837703d9d.tar.gz systemtap-steved-da23eceb71cc70668ab9dfd80d318b3837703d9d.tar.xz systemtap-steved-da23eceb71cc70668ab9dfd80d318b3837703d9d.zip | |
Merge branch 'master' of ssh://sources.redhat.com/git/systemtap
* 'master' of ssh://sources.redhat.com/git/systemtap: (34 commits)
Update the langref copyright notice
Fix some probe examples in the language reference
Remove automatic authorization of servers started by root as trusted signers.
docs: add abnormal termination section to PROCESSING
Remove unneeded header file
Get the module to sign from -p4's stdout
Move --unprivileged support news to the top.
Firther updates to NEWS regarding signing and unprivileged users.
Authorize new certificates created for servers started by root as authorized signers.
2009-09-14 Dave Brolley <brolley@redhat.com>
Allow remaining process.* probes for unprivileged users.
Use the sched_switch tracepoint if available.
PR10608: mark test cases untested once compilation failed
Make check.exp not sleep so much in test_installcheck.
Make tracepoints.exp test more efficient by running as one giant script.
Only test highest optimization for exelib.exp test.
Replace small exelib.exp testcases with one jumbo testcase.
Remove duplicate uprobe_derived_probe code
Add semaphores for use with the forthcoming sdt marker checks.
Add actual pc address to semantic error about inaccessible variables.
...
Conflicts:
tapsets.cxx
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 87 |
1 files changed, 49 insertions, 38 deletions
@@ -1,32 +1,5 @@ * What's new -- Memory consumption for scripts involving many uprobes has been - dramatically reduced. - -- The preprocessor now supports || and && in the conditions. - %( arch == "x86_64" || arch == "ia64" %: ... %) - -- It is now possible to cross-compile systemtap scripts for foreign - architectures, using the new '-a ARCH' and '-B OPT=VALUE' flags. - For example, put arm-linux-gcc etc. into your $PATH, and point - systemtap at the target kernel build tree with: - stap -a arm -B CROSS_COMPILE=arm-linux- -r /build/tree [...] - The -B option is passed to kbuild make. -r identifies the already - configured/built kernel tree and -a its architecture (kbuild ARCH=...). - Systemtap will infer -p4. - -- The systemtap notion of "architecture" now matches the kernel's, rather - than that of "uname -m". This means that 32-bit i386 family are all - known as "i386" rather than "i386" or "i686"; "ppc64" as "powerpc"; - "s390x" as "s390", and so on. This is consistent between the new - "-a ARCH" flag and the script-level %( arch ... %) conditional. - -- It is now possible to define multiple probe aliases with the same name. - A probe will expand to all matching aliases. - probe foo = bar { } - probe foo = baz { } - probe foo { } # expands twice, once to bar and once to baz - - Support for unprivileged users: ***************************************************************************** * WARNING!!!!!!!!!! @@ -42,18 +15,24 @@ - Using the --unprivileged option on stap enables translation-time checking for use by unprivileged users (see restrictions below). - All modules deemed suitable for use by unprivileged users will be signed - by stap (see module signing in release 0.9.8 below). - - Modules signed by trusted users and verified by staprun will be loaded by - staprun regardless of the user's privilege level. - - The system administrator asserts the trustworthiness of a user by running - stap-authorize-signing-cert <cert-file> as root, where <cert-file> can - be found in ~<user>/.systemtap/ssl/server/stap.cert. - - Restrictions are intentionally strict at this time and will be relaxed in + by stap-server when --unprivileged is specified on stap-client (see module + signing in release 0.9.8 and stap-server in release 0.9 below). + - Modules signed by trusted signers (servers) and verified by staprun will be + loaded by staprun regardless of the user's privilege level. + - The system administrator asserts the trustworthiness of a signer (server) by + running stap-authorize-signing-cert <cert-file> as root, where <cert-file> + can be found in ~<user>/.systemtap/ssl/server/stap.cert for servers started + by ordinary users and in $sysconfdir/systemtap/ssl/server/stap.cert for + servers started by root. + - Servers started by root are automatically authorized as trusted signers on + the local host. + - Restrictions are intentionally strict at this time and may be relaxed in the future: - probe points are restricted to: - begin, begin(n), end, end(n), error(n), never, - timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n) - - embedded C code is not allowed. + begin, begin(n), end, end(n), error, error(n), never, + timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n), + process.* (for processes owned by the user). + - use of embedded C code is not allowed. - use of tapset functions using embedded C code is restricted. - accessing the kernel memory space is not allowed. - The following command line options may not be used: @@ -65,6 +44,38 @@ SYSTEMTAP_RUNTIME, SYSTEMTAP_TAPSET, SYSTEMTAP_DEBUGINFO_PATH - nss and nss-tools are required to use this feature. +- Memory consumption for scripts involving many uprobes has been + dramatically reduced. + +- The preprocessor now supports || and && in the conditions. + %( arch == "x86_64" || arch == "ia64" %: ... %) + +- It is now possible to cross-compile systemtap scripts for foreign + architectures, using the new '-a ARCH' and '-B OPT=VALUE' flags. + For example, put arm-linux-gcc etc. into your $PATH, and point + systemtap at the target kernel build tree with: + stap -a arm -B CROSS_COMPILE=arm-linux- -r /build/tree [...] + The -B option is passed to kbuild make. -r identifies the already + configured/built kernel tree and -a its architecture (kbuild ARCH=...). + Systemtap will infer -p4. + +- The systemtap notion of "architecture" now matches the kernel's, rather + than that of "uname -m". This means that 32-bit i386 family are all + known as "i386" rather than "i386" or "i686"; "ppc64" as "powerpc"; + "s390x" as "s390", and so on. This is consistent between the new + "-a ARCH" flag and the script-level %( arch ... %) conditional. + +- It is now possible to define multiple probe aliases with the same name. + A probe will expand to all matching aliases. + probe foo = bar { } + probe foo = baz { } + probe foo { } # expands twice, once to bar and once to baz + +- A new experimental transport mechanism, using ftrace's ring_buffer, + has been added. This may become the default transport mechanism in + future versions of systemtap. To test this new transport mechanism, + define 'STP_USE_RING_BUFFER'. + * What's new in version 0.9.9 - Systemwide kernel .function.return (kretprobe) maxactive defaults may @@ -139,7 +150,7 @@ syscall arguments are also available by name in nd_syscalls. - Module signing: If the appropriate nss libraries are available on your - system, stap will sign each compiled module using a self-generated + system, stap-server will sign each compiled module using a self-generated certificate. This is the first step toward extending authority to load certain modules to unprivileged users. For now, if the system administrator adds a certificate to a database of trusted signers |