DTrace proc and DTrace user in Solaris zones

Entirely quoted from Dan Price at http://www.opensolaris.org/jive/thread.jspa?threadID=7224&tstart=0



Here's how to use this functionality:

# zonecfg -z myzone
zonecfg:myzone> set limitpriv=default,dtrace_proc,dtrace_user
zonecfg:myzone> ^D

# zoneadm -z myzone boot

# zlogin myzone
myzone# dtrace -l
...

myzone# plockstat -Ap `pgrep startd`
...

Note that either or both of the dtrace_proc and dtrace_user privileges
may be granted to a zone, but dtrace_kernel may not be (zoneadm will
enforce this). The lack of dtrace_kernel means that not every DTrace
script will work, since kernel state is not available to DTrace inside
of a zone; but we think this represents a good start.

Additional virtualization work has been done to ensure that data from
other zones is not visible inside the zone, and to ensure that the
interactions with other relevant privileges (proc_owner and proc_zone)
behave as expected.
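
An added example, not part of the quoted post: a POSIX shell check that reads a zone's limitpriv value and reports which DTrace privileges it names, flagging dtrace_kernel, which the post says may not be granted to a zone. The `limitpriv:` line format and the `!`/`-` exclusion prefixes are assumptions based on zonecfg usage; the zone names and values below are constructed sample data.

```shell
#!/bin/sh
# Added example: audit limitpriv strings for DTrace privileges.

# Strip the "limitpriv:" label and surrounding whitespace from a line such as
# the one `zonecfg -z <zone> info limitpriv` prints (output format assumed).
limitpriv_value() {
    printf '%s\n' "$1" | sed -e 's/^[[:space:]]*limitpriv:[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Print the DTrace privileges named in a comma-separated limitpriv value.
# Exit status: 0 = none, 1 = dtrace_proc and/or dtrace_user only,
#              2 = dtrace_kernel listed (not permitted for a zone).
# Excluded entries ("!priv" or "-priv", assumed syntax) are not counted
# as grants because only exact privilege names match.
dtrace_privs() {
    found="" rc=0
    while IFS= read -r p; do
        case $p in
            dtrace_proc|dtrace_user) found="$found $p"; [ "$rc" -ge 1 ] || rc=1 ;;
            dtrace_kernel)           found="$found $p"; rc=2 ;;
        esac
    done <<EOF
$(printf '%s' "$1" | tr -d ' \t' | tr ',' '\n')
EOF
    printf '%s\n' "${found# }"
    return "$rc"
}

# Constructed sample input: "zone|line in the assumed zonecfg info format".
audit_sample() {
    while IFS='|' read -r zone line; do
        rc=0
        privs=$(dtrace_privs "$(limitpriv_value "$line")") || rc=$?
        case $rc in
            0) echo "$zone: no DTrace privileges" ;;
            1) echo "$zone: grants $privs" ;;
            2) echo "$zone: dtrace_kernel listed, not permitted in a zone ($privs)" ;;
        esac
    done <<'EOF'
myzone|limitpriv: default,dtrace_proc,dtrace_user
webzone|limitpriv: default
dbzone|limitpriv: default,!dtrace_proc
badzone|limitpriv: default,dtrace_kernel
EOF
}
audit_sample
```

On a real system the input lines would come from running zonecfg against each configured zone in the global zone, so that DTrace grants can be reviewed against which zones actually need them.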
