Discussion:
dtrace scripts not working
Diego Lima
2008-12-02 14:38:41 UTC
Permalink
Hello,

I have solaris 10 machine and I was trying out dtrace. I downloaded some
scripts (iotop, errorinfo, prustat) and they all show this error:

dtrace: invalid probe specifier

along with other errors such as:

probe description dtrace:::BEGIN does not match any probes (iotop)
probe description syscall:::return does not match any probes (errorinfo)

I'm running dtrace from inside a zone and SUNWdtrc is properly installed.
Any ideas as to what is going on?

Thank you!

Diego Lima
Angelo Rajadurai
2008-12-02 16:39:10 UTC
Permalink
Hi Diego:

Interestingly this same issue came up on another alias today.
Amjad Khan responded with the following detailed and useful
suggestion. Hope this helps you as well.

<Amjad's message>
When a zone is created in the kernel there is a default set of "safe"
privileges which are used as a mask for all processes that run inside
the zone. These privileges are "safe" in the sense that a privileged
process in the zone cannot affect processes in other non-global zones
on the system or in the global zone. Many of the "unsafe" privileges
are ones which affect a global resource, such as the Real Time(RT),
system clock or physical memory.

A number of customers have requested the ability to augment this
default set of privileges with the understanding that changes in the
zone's privilege set may open up a security window or allow processes
in one zone to be able to affect processes in other zones by being
able to control a global resource. The Solaris development team
decided to leave the default set of privileges for a non-global zone
unchanged. In order to specify a different privilege mask, a zonecfg
global property is introduced, "limitpriv", which is modeled after the
key of the same name in the user_attr database. The property value
should be a comma-separated privilege set as specified by
priv_str_to_set. The "dtrace_proc" privilege has been introduced to
delegate a privilege to a zone so that dtrace can be used within a non-
global zone. One should be able to modify the zone configuration for
the existing zone or set the privilege at the time of creating new zone.

% zonecfg -z zonetest1
For only dtrace privilege
% zonecfg:zonetest1> set
limitpriv="default,dtrace_proc,dtrace_user"
% zonecfg:zonetest1> info => listing, not the newly added
privilege is listed
% zonecfg:zonetest1>verify
% zonecfg:zonetest1>commit

NOTE: The zone would need to be restarted for this to take effect if
the existing running zone is modified. Privileges are added to non-
global zones by the global zone administrator only.

Once the dtrace privilege is delegated to a zone then you should be
able to use it in that particular non-global zone.


Hope this helps

Angelo
Post by Diego Lima
Hello,
I have solaris 10 machine and I was trying out dtrace. I downloaded
dtrace: invalid probe specifier
probe description dtrace:::BEGIN does not match any probes (iotop)
probe description syscall:::return does not match any probes
(errorinfo)
I'm running dtrace from inside a zone and SUNWdtrc is properly
installed. Any ideas as to what is going on?
Thank you!
Diego Lima
_______________________________________________
dtrace-discuss mailing list
Continue reading on narkive:
Loading...