The dtrace_user
privilege permits use of the profile
and syscall
providers with some caveats, and the use of the following actions and variables:
Providers |
|
|
|
Actions |
|
|
|
|
|
| |
Variables |
|
|
|
Address Spaces |
User |
|
|
The dtrace_user
privilege provides only visibility to those processes to which the user already has permission; it does not allow any visibility into kernel state or activity. With this privilege, users may enable the syscall
provider, but the enabled probes will only activate in processes to which the user has permission. Similarly, the profile
provider may be enabled, but the enabled probes will only activate in processes to which the user has permission, never in the Solaris kernel.
This privilege permits the use of instrumentation that, while only allowing visibility into particular processes, can affect overall system performance. The syscall
provider has some small performance impact on every system call for every process. The profile
provider affects overall system performance by executing every time interval, similar to a real-time timer. Neither of these performance degradations is so great as to severely limit the system's progress, but system administrators should consider the implications of granting a user this privilege. Refer to Chapter 21, syscall
Provider and Chapter 19, profile
Provider for a discussion of the performance impact of the syscall
and profile
providers.