Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 28
1 files changed, 17 insertions, 11 deletions
diff --git a/NEWS b/NEWS
index 70287a48..e0c888f2 100644
--- a/NEWS
+++ b/NEWS
@@ -42,18 +42,24 @@
- Using the --unprivileged option on stap enables translation-time checking
for use by unprivileged users (see restrictions below).
- All modules deemed suitable for use by unprivileged users will be signed
- by stap (see module signing in release 0.9.8 below).
- - Modules signed by trusted users and verified by staprun will be loaded by
- staprun regardless of the user's privilege level.
- - The system administrator asserts the trustworthiness of a user by running
- stap-authorize-signing-cert <cert-file> as root, where <cert-file> can
- be found in ~<user>/.systemtap/ssl/server/stap.cert.
- - Restrictions are intentionally strict at this time and will be relaxed in
+ by stap-server when --unprivileged is specified on stap-client (see module
+ signing in release 0.9.8 and stap-server in release 0.9 below).
+ - Modules signed by trusted signers (servers) and verified by staprun will be
+ loaded by staprun regardless of the user's privilege level.
+ - The system administrator asserts the trustworthiness of a signer (server) by
+ running stap-authorize-signing-cert <cert-file> as root, where <cert-file>
+ can be found in ~<user>/.systemtap/ssl/server/stap.cert for servers started
+ by ordinary users and in $sysconfdir/systemtap/ssl/server/stap.cert for
+ servers started by root.
+ - Servers started by root are automatically authorized as trusted signers on
+ the local host.
+ - Restrictions are intentionally strict at this time and may be relaxed in
the future:
- probe points are restricted to:
- begin, begin(n), end, end(n), error(n), never,
- timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n)
- - embedded C code is not allowed.
+ begin, begin(n), end, end(n), error, error(n), never,
+ timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n),
+ process.* (for processes owned by the user).
+ - use of embedded C code is not allowed.
- use of tapset functions using embedded C code is restricted.
- accessing the kernel memory space is not allowed.
- The following command line options may not be used:
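Review bot: The new entry "Servers started by root are automatically authorized as trusted signers on the local host" introduces a trust decision the administrator never made explicitly, and the text does not say how to review or withdraw it. Please add a sentence pointing at where the trusted-signer list is kept or how an entry is removed, next to the stap-authorize-signing-cert instructions. In the same block, "~<user>" now has to mean the account that started the server rather than the unprivileged user loading the module, since the wording moved from "trusted users" to "trusted signers (servers)"; saying "the home directory of the user who started the server" would remove the ambiguity. The first entry still says "the --unprivileged option on stap" while the rewritten one says "specified on stap-client", so it would help to state which front end the option applies to.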
@@ -144,7 +150,7 @@
syscall arguments are also available by name in nd_syscalls.
- Module signing: If the appropriate nss libraries are available on your
- system, stap will sign each compiled module using a self-generated
+ system, stap-server will sign each compiled module using a self-generated
certificate. This is the first step toward extending authority to
load certain modules to unprivileged users. For now, if the system
administrator adds a certificate to a database of trusted signers
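Review bot: With the signer changed to stap-server in "stap-server will sign each compiled module", the condition "If the appropriate nss libraries are available on your system" no longer says which host is meant; the libraries presumably need to be on the server host doing the signing, so "on the server host" (and a note on what the verifying host needs) would be clearer. This entry also sits in the section the first hunk refers to as "module signing in release 0.9.8", so if the signer changed in the current release rather than having been misdescribed originally, it would be better to record the change in the current section and leave the older entry as it was written.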