I think a good way to handle it would be to have a configuration file like /etc/sudoers and setuid root stap (or staprun). The access control would then be built into systemtap. Here are my ideas of what would make a "good" set of controls: - level of tap script they can run, e.g. guru mode code or not - sections of the kernel they can access (maybe this is better represented as what tapsets may they use) - how much overhead are they allowed to put on the system - are they allowed to look at data for other user's processes - are they allowed to reference line #'s or direct memory addrs I think that it would probably mean having a list created at compile time that indicates what things the resulting modules do. staprun would then create a permissions "mask" for the user and compare it to what is in the module (yeah, ummm, magic happens here?) or maybe when the module loads it looks at it's internal list and the permissions of the calling user (passed in by staprun) and decides if it will run or not. Thanks Mike -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list
