diff options
-rw-r--r-- | elaborate.cxx | 25 | ||||
-rw-r--r-- | elaborate.h | 4 | ||||
-rw-r--r-- | main.cxx | 18 | ||||
-rw-r--r-- | runtime/staprun/common.c | 1 | ||||
-rw-r--r-- | runtime/staprun/staprun.c | 18 | ||||
-rw-r--r-- | runtime/staprun/staprun.h | 1 | ||||
-rw-r--r-- | runtime/staprun/staprun_funcs.c | 29 | ||||
-rw-r--r-- | runtime/transport/transport.c | 4 | ||||
-rw-r--r-- | session.h | 1 | ||||
-rwxr-xr-x[-rw-r--r--] | stap-authorize-server-cert | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | stap-authorize-signing-cert | 0 | ||||
-rwxr-xr-x[-rw-r--r--] | stap-env | 0 | ||||
-rw-r--r-- | systemtap.spec | 1 | ||||
-rw-r--r-- | tapsets.cxx | 85 | ||||
-rw-r--r-- | translate.cxx | 33 | ||||
-rw-r--r-- | translate.h | 5 |
16 files changed, 184 insertions, 41 deletions
diff --git a/elaborate.cxx b/elaborate.cxx index 53f2a8f6..f6e1bbbf 100644 --- a/elaborate.cxx +++ b/elaborate.cxx @@ -261,8 +261,9 @@ match_key::globmatch(match_key const & other) const // ------------------------------------------------------------------------ match_node::match_node() - : end(NULL) -{} + : end(NULL), unprivileged_ok (false) +{ +} match_node * match_node::bind(match_key const & k) @@ -304,6 +305,18 @@ match_node::bind_num(string const & k) return bind(match_key(k).with_number()); } +match_node* +match_node::allow_unprivileged (bool b) +{ + unprivileged_ok = b; + return this; +} + +bool +match_node::unprivileged_allowed () const +{ + return unprivileged_ok; +} void match_node::find_and_build (systemtap_session& s, @@ -331,6 +344,14 @@ match_node::find_and_build (systemtap_session& s, param_map[loc->components[i]->functor] = loc->components[i]->arg; // maybe 0 + // Are we compiling for unprivileged users? */ + if (s.unprivileged) + { + // Is this probe point ok for unprivileged users? + if (! unprivileged_allowed ()) + throw semantic_error (string("probe point is not allowed for unprivileged users")); + } + b->build (s, p, loc, param_map, results); } else if (isglob(loc->components[pos]->functor)) // wildcard? diff --git a/elaborate.h b/elaborate.h index d927177b..36439c4f 100644 --- a/elaborate.h +++ b/elaborate.h @@ -236,6 +236,7 @@ match_node typedef std::map<match_key, match_node*>::iterator sub_map_iterator_t; sub_map_t sub; derived_probe_builder* end; + bool unprivileged_ok; public: match_node(); @@ -250,6 +251,9 @@ match_node match_node* bind_str(std::string const & k); match_node* bind_num(std::string const & k); void bind(derived_probe_builder* e); + + match_node* allow_unprivileged (bool b = true); + bool unprivileged_allowed () const; }; // ------------------------------------------------------------------------ @@ -130,6 +130,8 @@ usage (systemtap_session& s, int exitcode) #ifdef HAVE_LIBSQLITE3 << " -q generate information on tapset coverage" << endl #endif /* HAVE_LIBSQLITE3 */ + << " --unprivileged" << endl + << " restrict usage to features available to unprivileged users" << endl #if 0 /* PR6864: disable temporarily; should merge with -d somehow */ << " --kelf make do with symbol table from vmlinux" << endl << " --kmap[=FILE]" << endl @@ -402,6 +404,15 @@ main (int argc, char * const argv []) s.ignore_dwarf = false; s.load_only = false; s.skip_badvars = false; + s.unprivileged = false; + + // Location of our signing certificate. + // If we're root, use the database in SYSCONFDIR, otherwise + // use the one in our $HOME directory. */ + if (getuid() == 0) + s.cert_db_path = SYSCONFDIR "/systemtap/ssl/server"; + else + s.cert_db_path = getenv("HOME") + string ("/.systemtap/ssl/server"); // Location of our signing certificate. // If we're root, use the database in SYSCONFDIR, otherwise @@ -475,6 +486,7 @@ main (int argc, char * const argv []) #define LONG_OPT_IGNORE_DWARF 4 #define LONG_OPT_VERBOSE_PASS 5 #define LONG_OPT_SKIP_BADVARS 6 +#define LONG_OPT_UNPRIVILEGED 7 // NB: also see find_hash(), usage(), switch stmt below, stap.1 man page static struct option long_options[] = { { "kelf", 0, &long_opt, LONG_OPT_KELF }, @@ -483,6 +495,7 @@ main (int argc, char * const argv []) { "ignore-dwarf", 0, &long_opt, LONG_OPT_IGNORE_DWARF }, { "skip-badvars", 0, &long_opt, LONG_OPT_SKIP_BADVARS }, { "vp", 1, &long_opt, LONG_OPT_VERBOSE_PASS }, + { "unprivileged", 0, &long_opt, LONG_OPT_UNPRIVILEGED }, { NULL, 0, NULL, 0 } }; int grc = getopt_long (argc, argv, "hVMvtp:I:e:o:R:r:m:kgPc:x:D:bs:uqwl:d:L:FS:", @@ -610,6 +623,7 @@ main (int argc, char * const argv []) case 'g': s.guru_mode = true; + s.unprivileged = false; break; case 'P': @@ -726,6 +740,10 @@ main (int argc, char * const argv []) case LONG_OPT_SKIP_BADVARS: s.skip_badvars = true; break; + case LONG_OPT_UNPRIVILEGED: + s.unprivileged = true; + s.guru_mode = false; + break; default: cerr << "Internal error parsing command arguments." << endl; usage(s, 1); diff --git a/runtime/staprun/common.c b/runtime/staprun/common.c index c67ce340..644dfa53 100644 --- a/runtime/staprun/common.c +++ b/runtime/staprun/common.c @@ -30,6 +30,7 @@ int need_uprobes; int daemon_mode; off_t fsize_max; int fnum_max; +int unprivileged_user = 0; /* module variables */ char *modname = NULL; diff --git a/runtime/staprun/staprun.c b/runtime/staprun/staprun.c index 42b72ff1..917990dc 100644 --- a/runtime/staprun/staprun.c +++ b/runtime/staprun/staprun.c @@ -16,7 +16,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * - * Copyright (C) 2005-2008 Red Hat, Inc. + * Copyright (C) 2005-2009 Red Hat, Inc. * */ @@ -139,11 +139,21 @@ static int enable_uprobes(void) static int insert_stap_module(void) { - char bufsize_option[128]; + char special_options[128]; + char *bufptr = special_options; - if (snprintf_chk(bufsize_option, 128, "_stp_bufsize=%d", buffer_size)) + /* Add the _stp_bufsize option. */ + if (snprintf_chk(bufptr, sizeof (special_options), "_stp_bufsize=%d", buffer_size)) return -1; - return insert_module(modpath, bufsize_option, modoptions); + + /* Add the _stp_unprivileged_user option. */ + bufptr += strlen (bufptr); + if (snprintf_chk(bufptr, + sizeof (special_options) - (bufptr - special_options), + " _stp_unprivileged_user=%d", unprivileged_user)) + return -1; + + return insert_module(modpath, special_options, modoptions); } static int remove_module(const char *name, int verb); diff --git a/runtime/staprun/staprun.h b/runtime/staprun/staprun.h index acc533b2..5159f1bd 100644 --- a/runtime/staprun/staprun.h +++ b/runtime/staprun/staprun.h @@ -166,6 +166,7 @@ extern int need_uprobes; extern int daemon_mode; extern off_t fsize_max; extern int fnum_max; +extern int unprivileged_user; /* getopt variables */ extern char *optarg; diff --git a/runtime/staprun/staprun_funcs.c b/runtime/staprun/staprun_funcs.c index 40af1678..f8fe1308 100644 --- a/runtime/staprun/staprun_funcs.c +++ b/runtime/staprun/staprun_funcs.c @@ -403,7 +403,6 @@ check_groups (void) perr("Unable to retrieve group list"); return -1; } - for (i = 0; i < ngids; i++) { /* If the user is a member of 'stapdev', then we're * done, since he can use staprun without any @@ -419,9 +418,10 @@ check_groups (void) if (gidlist[i] == stapusr_gid) gid = stapusr_gid; } - /* Not a member of stapusr? */ - if (gid != stapusr_gid) - return 0; + if (gid != stapusr_gid) { + unprivileged_user = 1; + return 0; + } } /* At this point the user is only a member of the 'stapusr' @@ -440,8 +440,9 @@ check_groups (void) * 1) root can do anything * 2) members of stapdev can do anything * 3) members of stapusr can load modules from /lib/modules/KVER/systemtap + * 4) anyone can load a module which has been signed by a trusted signer * - * It is only an error if all 3 levels of checking fail + * It is only an error if all 4 levels of checking fail * * Returns: -1 on errors, 0 on failure, 1 on success. */ @@ -467,6 +468,17 @@ int check_permissions(void) if (check_groups_rc == 1) return 1; + /* The user is an ordinary user. If the module has been signed with + * a "blessed" certificate and private key, then we will load it for + * anyone. */ +#if HAVE_NSS + if (check_signature_rc == MODULE_OK) + return 1; + assert (check_signature_rc == MODULE_UNTRUSTED || check_signature_rc == MODULE_CHECK_ERROR); +#endif + + /* We are an ordinary user and the module was not signed by a trusted + signer. */ err("ERROR: You are trying to run stap as a normal user.\n" "You should either be root, or be part of either " "group \"stapdev\" or group \"stapusr\".\n"); @@ -474,6 +486,11 @@ int check_permissions(void) err("Your system doesn't seem to have either group.\n"); check_groups_rc = -1; } +#if HAVE_NSS + err("Alternatively, your module must be signed by a trusted signer.\n" + "For more information, please consult the \"SAFETY AND SECURITY\" section of the \"stap(1)\" manpage\n"); +#endif - return check_groups_rc; + /* Combine the return codes. They are either 0 or -1. */ + return check_groups_rc | check_signature_rc; } diff --git a/runtime/transport/transport.c b/runtime/transport/transport.c index 762c0a92..1ab49ae2 100644 --- a/runtime/transport/transport.c +++ b/runtime/transport/transport.c @@ -41,6 +41,10 @@ static int _stp_bufsize; module_param(_stp_bufsize, int, 0); MODULE_PARM_DESC(_stp_bufsize, "buffer size"); +static int _stp_unprivileged_user; +module_param(_stp_unprivileged_user, int, 1); +MODULE_PARM_DESC(_stp_unprivileged_user, "user is unprivileged"); + /* forward declarations */ static void probe_exit(void); static int probe_start(void); @@ -114,6 +114,7 @@ struct systemtap_session bool tapset_compile_coverage; bool need_uprobes; bool load_only; // flight recorder mode + bool unprivileged; // NB: It is very important for all of the above (and below) fields // to be cleared in the systemtap_session ctor (elaborate.cxx) diff --git a/stap-authorize-server-cert b/stap-authorize-server-cert index 13fb9c9f..13fb9c9f 100644..100755 --- a/stap-authorize-server-cert +++ b/stap-authorize-server-cert diff --git a/stap-authorize-signing-cert b/stap-authorize-signing-cert index 22da27c4..22da27c4 100644..100755 --- a/stap-authorize-signing-cert +++ b/stap-authorize-signing-cert diff --git a/systemtap.spec b/systemtap.spec index 77a170f8..a3a346fc 100644 --- a/systemtap.spec +++ b/systemtap.spec @@ -295,6 +295,7 @@ exit 0 %{_bindir}/stap-client %{_bindir}/stap-env %{_bindir}/stap-find-servers +%{_bindir}/stap-authorize-server-cert %{_bindir}/stap-client-connect %{_mandir}/man8/stap-server.8* diff --git a/tapsets.cxx b/tapsets.cxx index db14a787..9051d744 100644 --- a/tapsets.cxx +++ b/tapsets.cxx @@ -2594,11 +2594,14 @@ struct dwarf_derived_probe: public derived_probe // Pattern registration helpers. static void register_statement_variants(match_node * root, - dwarf_builder * dw); + dwarf_builder * dw, + bool unprivileged_ok = false); static void register_function_variants(match_node * root, - dwarf_builder * dw); + dwarf_builder * dw, + bool unprivileged_ok = false); static void register_function_and_statement_variants(match_node * root, - dwarf_builder * dw); + dwarf_builder * dw, + bool unprivileged_ok = false); static void register_patterns(systemtap_session& s); }; @@ -5512,25 +5515,28 @@ dwarf_derived_probe::dwarf_derived_probe(const string& funcname, void dwarf_derived_probe::register_statement_variants(match_node * root, - dwarf_builder * dw) + dwarf_builder * dw, + bool unprivileged_ok) { - root->bind(dw); + root->allow_unprivileged(unprivileged_ok)->bind(dw); } void dwarf_derived_probe::register_function_variants(match_node * root, - dwarf_builder * dw) + dwarf_builder * dw, + bool unprivileged_ok) { - root->bind(dw); - root->bind(TOK_INLINE)->bind(dw); - root->bind(TOK_CALL)->bind(dw); - root->bind(TOK_RETURN)->bind(dw); - root->bind(TOK_RETURN)->bind_num(TOK_MAXACTIVE)->bind(dw); + root->allow_unprivileged(unprivileged_ok)->bind(dw); + root->bind(TOK_INLINE)->allow_unprivileged(unprivileged_ok)->bind(dw); + root->bind(TOK_CALL)->allow_unprivileged(unprivileged_ok)->bind(dw); + root->bind(TOK_RETURN)->allow_unprivileged(unprivileged_ok)->bind(dw); + root->bind(TOK_RETURN)->bind_num(TOK_MAXACTIVE)->allow_unprivileged(unprivileged_ok)->bind(dw); } void dwarf_derived_probe::register_function_and_statement_variants(match_node * root, - dwarf_builder * dw) + dwarf_builder * dw, + bool unprivileged_ok) { // Here we match 4 forms: // @@ -5539,10 +5545,10 @@ dwarf_derived_probe::register_function_and_statement_variants(match_node * root, // .statement("foo") // .statement(0xdeadbeef) - register_function_variants(root->bind_str(TOK_FUNCTION), dw); - register_function_variants(root->bind_num(TOK_FUNCTION), dw); - register_statement_variants(root->bind_str(TOK_STATEMENT), dw); - register_statement_variants(root->bind_num(TOK_STATEMENT), dw); + register_function_variants(root->bind_str(TOK_FUNCTION), dw, unprivileged_ok); + register_function_variants(root->bind_num(TOK_FUNCTION), dw, unprivileged_ok); + register_statement_variants(root->bind_str(TOK_STATEMENT), dw, unprivileged_ok); + register_statement_variants(root->bind_num(TOK_STATEMENT), dw, unprivileged_ok); } void @@ -5558,11 +5564,10 @@ dwarf_derived_probe::register_patterns(systemtap_session& s) register_function_and_statement_variants(root->bind_str(TOK_MODULE), dw); root->bind(TOK_KERNEL)->bind_num(TOK_STATEMENT)->bind(TOK_ABSOLUTE)->bind(dw); root->bind(TOK_KERNEL)->bind_str(TOK_FUNCTION)->bind_str(TOK_LABEL)->bind(dw); - root->bind_str(TOK_PROCESS)->bind_str(TOK_FUNCTION)->bind_str(TOK_LABEL)->bind(dw); - - register_function_and_statement_variants(root->bind_str(TOK_PROCESS), dw); - root->bind_str(TOK_PROCESS)->bind_str(TOK_MARK)->bind(dw); - root->bind_str(TOK_PROCESS)->bind_num(TOK_MARK)->bind(dw); + root->bind_str(TOK_PROCESS)->bind_str(TOK_FUNCTION)->bind_str(TOK_LABEL)->allow_unprivileged()->bind(dw); + register_function_and_statement_variants(root->bind_str(TOK_PROCESS), dw, true/*unprivileged_ok*/); + root->bind_str(TOK_PROCESS)->bind_str(TOK_MARK)->allow_unprivileged()->bind(dw); + root->bind_str(TOK_PROCESS)->bind_num(TOK_MARK)->allow_unprivileged()->bind(dw); } void @@ -11787,14 +11792,14 @@ perfmon_derived_probe_group::emit_module_init (translator_output* o) void register_standard_tapsets(systemtap_session & s) { - s.pattern_root->bind(TOK_BEGIN)->bind(new be_builder(BEGIN)); - s.pattern_root->bind_num(TOK_BEGIN)->bind(new be_builder(BEGIN)); - s.pattern_root->bind(TOK_END)->bind(new be_builder(END)); - s.pattern_root->bind_num(TOK_END)->bind(new be_builder(END)); - s.pattern_root->bind(TOK_ERROR)->bind(new be_builder(ERROR)); - s.pattern_root->bind_num(TOK_ERROR)->bind(new be_builder(ERROR)); + s.pattern_root->bind(TOK_BEGIN)->allow_unprivileged()->bind(new be_builder(BEGIN)); + s.pattern_root->bind_num(TOK_BEGIN)->allow_unprivileged()->bind(new be_builder(BEGIN)); + s.pattern_root->bind(TOK_END)->allow_unprivileged()->bind(new be_builder(END)); + s.pattern_root->bind_num(TOK_END)->allow_unprivileged()->bind(new be_builder(END)); + s.pattern_root->bind(TOK_ERROR)->allow_unprivileged()->bind(new be_builder(ERROR)); + s.pattern_root->bind_num(TOK_ERROR)->allow_unprivileged()->bind(new be_builder(ERROR)); - s.pattern_root->bind(TOK_NEVER)->bind(new never_builder()); + s.pattern_root->bind(TOK_NEVER)->allow_unprivileged()->bind(new never_builder()); timer_builder::register_patterns(s); s.pattern_root->bind(TOK_TIMER)->bind("profile")->bind(new profile_builder()); @@ -11807,57 +11812,81 @@ register_standard_tapsets(systemtap_session & s) // XXX: user-space starter set s.pattern_root->bind_num(TOK_PROCESS) ->bind_num(TOK_STATEMENT)->bind(TOK_ABSOLUTE) + ->allow_unprivileged() ->bind(new uprobe_builder ()); s.pattern_root->bind_num(TOK_PROCESS) ->bind_num(TOK_STATEMENT)->bind(TOK_ABSOLUTE)->bind(TOK_RETURN) + ->allow_unprivileged() ->bind(new uprobe_builder ()); // utrace user-space probes s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_BEGIN) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_BEGIN) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind(TOK_PROCESS)->bind(TOK_BEGIN) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_END) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_END) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind(TOK_PROCESS)->bind(TOK_END) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_BEGIN) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_BEGIN) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_BEGIN) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_END) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_END) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind(TOK_PROCESS)->bind(TOK_THREAD)->bind(TOK_END) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_SYSCALL) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_SYSCALL) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind(TOK_PROCESS)->bind(TOK_SYSCALL) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_SYSCALL)->bind(TOK_RETURN) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_SYSCALL)->bind(TOK_RETURN) + ->allow_unprivileged() ->bind(new utrace_builder ()); s.pattern_root->bind(TOK_PROCESS)->bind(TOK_SYSCALL)->bind(TOK_RETURN) + ->allow_unprivileged() ->bind(new utrace_builder ()); // itrace user-space probes s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_INSN) + ->allow_unprivileged() ->bind(new itrace_builder ()); s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_INSN) + ->allow_unprivileged() ->bind(new itrace_builder ()); s.pattern_root->bind_str(TOK_PROCESS)->bind(TOK_INSN)->bind(TOK_BLOCK) + ->allow_unprivileged() ->bind(new itrace_builder ()); s.pattern_root->bind_num(TOK_PROCESS)->bind(TOK_INSN)->bind(TOK_BLOCK) + ->allow_unprivileged() ->bind(new itrace_builder ()); // marker-based parts diff --git a/translate.cxx b/translate.cxx index 87811e9f..0423d4ce 100644 --- a/translate.cxx +++ b/translate.cxx @@ -66,6 +66,7 @@ struct c_unparser: public unparser, public visitor void emit_global_init (vardecl* v); void emit_global_param (vardecl* v); void emit_functionsig (functiondecl* v); + void emit_unprivileged_user_check (); void emit_module_init (); void emit_module_exit (); void emit_function (functiondecl* v); @@ -1087,6 +1088,29 @@ c_unparser::emit_functionsig (functiondecl* v) } +void +c_unparser::emit_unprivileged_user_check () +{ + // If the --unprivileged option was specified then the module + // will be safe for unprivileged users, if it is successfully generated, + // so no check need be emitted. + if (session->unprivileged) + return; + + // Otherwise, generate code to check whether the user is unprivileged. + // If so, then generate an error and indicate that the check has failed. + o->newline(); + o->newline() << "static int systemtap_unprivileged_user_check (void) {"; + o->newline(1) << "if (! _stp_unprivileged_user)"; + o->newline(1) << "return 0;"; + + o->newline(-1) << "_stp_error (\"You are attempting to run stap as an ordinary user.\");"; + o->newline() << "_stp_error (\"Your module must be compiled using the --unprivileged option.\");"; + o->newline() << "return 1;"; + + o->newline(-1) << "}\n"; +} + void c_unparser::emit_module_init () @@ -1131,6 +1155,12 @@ c_unparser::emit_module_init () o->newline() << "if (_stp_module_check()) rc = -EINVAL;"; o->newline(-1) << "}"; + + if (! session->unprivileged) { + // Check whether the user is unprivileged. + o->newline() << "if (systemtap_unprivileged_user_check ()) rc = -EINVAL;"; + } + o->newline() << "if (rc) goto out;"; o->newline() << "(void) probe_point;"; @@ -5107,6 +5137,9 @@ translate_pass (systemtap_session& s) s.op->assert_0_indent(); s.op->newline(); + s.up->emit_unprivileged_user_check (); + s.op->assert_0_indent(); + s.op->newline(); s.up->emit_module_init (); s.op->assert_0_indent(); s.op->newline(); diff --git a/translate.h b/translate.h index fdff9521..2c59a495 100644 --- a/translate.h +++ b/translate.h @@ -1,5 +1,5 @@ // -*- C++ -*- -// Copyright (C) 2005 Red Hat Inc. +// Copyright (C) 2005, 2009 Red Hat Inc. // // This file is part of systemtap, and is free software. You can // redistribute it and/or modify it under the terms of the GNU General @@ -79,6 +79,9 @@ struct unparser virtual void emit_functionsig (functiondecl* v) = 0; // static void function_NAME (context* c); + virtual void emit_unprivileged_user_check () = 0; + // static void systemtap_check_unprivileged_user + virtual void emit_module_init () = 0; virtual void emit_module_exit () = 0; // XXX |