On Tue, Jul 16, 2019 at 03:26:52PM -0700, Alexei Starovoitov wrote: > On Tue, Jul 16, 2019 at 05:30:50PM -0400, Joel Fernandes wrote: > > > > I also thought about the pinning idea before, but we also want to add support > > for not just raw tracepoints, but also regular tracepoints (events if you > > will). I am hesitant to add a new BPF API just for creating regular > > tracepoints and then pinning those as well. > > and they should be done through the pinning as well. Hmm ok, I will give it some more thought. > > I don't see why a new bpf node for a trace event is a bad idea, really. > > See the patches for kprobe/uprobe FD-based api and the reasons behind it. > tldr: text is racy, doesn't scale, poor security, etc. Is it possible to use perf without CAP_SYS_ADMIN and control security at the per-event level? We are selective about who can access which event, using selinux. That's how our ftrace-based tracers work. Its fine grained per-event control. That's where I was going with the tracefs approach since we get that granularity using the file system. Thanks.
