Print this page
2917 DTrace in a zone should have limited provider access

@@ -21,10 +21,13 @@
 /*
  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
+/*
+ * Copyright (c) 2012, Joyent, Inc. All rights reserved.
+ */
 
 #include <sys/modctl.h>
 #include <sys/sunddi.h>
 #include <sys/dtrace.h>
 #include <sys/kobj.h>

@@ -417,13 +420,23 @@
         sdt_probetab =
             kmem_zalloc(sdt_probetab_size * sizeof (sdt_probe_t *), KM_SLEEP);
         dtrace_invop_add(sdt_invop);
 
         for (prov = sdt_providers; prov->sdtp_name != NULL; prov++) {
+                uint32_t priv;
+
+                if (prov->sdtp_priv == DTRACE_PRIV_NONE) {
+                        priv = DTRACE_PRIV_KERNEL;
+                        sdt_pops.dtps_mode = NULL;
+                } else {
+                        priv = prov->sdtp_priv;
+                        ASSERT(priv == DTRACE_PRIV_USER);
+                        sdt_pops.dtps_mode = sdt_mode;
+                }
+
                 if (dtrace_register(prov->sdtp_name, prov->sdtp_attr,
-                    DTRACE_PRIV_KERNEL, NULL,
-                    &sdt_pops, prov, &prov->sdtp_id) != 0) {
+                    priv, NULL, &sdt_pops, prov, &prov->sdtp_id) != 0) {
                         cmn_err(CE_WARN, "failed to register sdt provider %s",
                             prov->sdtp_name);
                 }
         }