dtrace_user Privilege
The dtrace_user privilege permits use of the profile and syscall providers with some caveats,
and the use of the following actions and variables:
Providers |
profile |
syscall |
fasttrap |
Actions |
copyin |
copyout |
stop |
copyinstr |
raise |
ustack |
Variables |
execname |
pid |
uregs |
Address Spaces |
User |
|
|
The dtrace_user privilege provides only visibility to those processes to which the user
already has permission; it does not allow any visibility into kernel state or
activity. With this privilege, users may enable the syscall provider, but the enabled
probes will only activate in processes to which the user has permission. Similarly,
the profile provider may be enabled, but the enabled probes will only activate
in processes to which the user has permission, never in the Solaris kernel.
This privilege permits the use of instrumentation that, while only allowing visibility into
particular processes, can affect overall system performance. The syscall provider has some small
performance impact on every system call for every process. The profile provider affects overall
system performance by executing every time interval, similar to a real-time timer. Neither
of these performance degradations is so great as to severely limit the system's
progress, but system administrators should consider the implications of granting a user this
privilege. Refer to Chapter 21, syscall Provider and Chapter 19, profile Provider for a discussion of the performance impact
of the syscall and profile providers.
