dtrace_proc Privilege

The dtrace_proc privilege permits use of the pid and fasttrap providers for process-level tracing. It also allows the use of the following actions and variables:

Providers

pid

Actions

copyin

copyout

stop

copyinstr

raise

ustack

Variables

execname

pid

uregs

Address Spaces

User

This privilege does not grant any visibility to Solaris kernel data structures or to processes for which the user does not have permission.

Users with this privilege may create and enable probes in processes that they own. If the user also has the proc_owner privilege, probes may be created and enabled in any process. The dtrace_proc privilege is intended for users interested in the debugging or performance analysis of user processes. This privilege is ideal for a developer working on a new application or an engineer trying to improve an application's performance in a production environment.

Note

Users with the dtrace_proc and proc_owner privileges may enable any pid probe from any process, but can only create probes in processes whose privilege set is a subset of their own privilege set. Refer to the Least Privilege documentation for complete details.

The dtrace_proc privilege allows access to DTrace that can impose a performance penalty only on those processes to which the user has permission. The instrumented processes will impose more of a load on the system resources, and as such it may have some small impact on the overall system performance. Aside from this increase in overall load, this privilege does not allow any instrumentation that impacts performance for any processes other than those being traced. As this privilege grants users no additional visibility into other processes or the kernel itself, it is recommended that this privilege be granted to all users that may need to better understand the inner-workings of their own processes.