The dtrace_proc
privilege permits use of the pid
and fasttrap
providers for process-level tracing. It also allows the use of the following actions and variables:
Providers |
| ||
Actions |
|
|
|
|
|
| |
Variables |
|
|
|
Address Spaces |
User |
|
|
This privilege does not grant any visibility to Solaris kernel data structures or to processes for which the user does not have permission.
Users with this privilege may create and enable probes in processes that they own. If the user also has the proc_owner
privilege, probes may be created and enabled in any process. The dtrace_proc
privilege is intended for users interested in the debugging or performance analysis of user processes. This privilege is ideal for a developer working on a new application or an engineer trying to improve an application's performance in a production environment.
Users with the dtrace_proc
and proc_owner
privileges may enable any pid
probe from any process, but can only create probes in processes whose privilege set is a subset of their own privilege set. Refer to the Least Privilege documentation for complete details.
The dtrace_proc
privilege allows access to DTrace that can impose a performance penalty only on those processes to which the user has permission. The instrumented processes will impose more of a load on the system resources, and as such it may have some small impact on the overall system performance. Aside from this increase in overall load, this privilege does not allow any instrumentation that impacts performance for any processes other than those being traced. As this privilege grants users no additional visibility into other processes or the kernel itself, it is recommended that this privilege be granted to all users that may need to better understand the inner-workings of their own processes.