* [Bug runtime/15193] New: assigned_user_credentials = pr_stapdev
@ 2013-02-25 16:21 henrik at kaarposoft dot dk
2013-02-25 16:24 ` [Bug runtime/15193] " henrik at kaarposoft dot dk
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: henrik at kaarposoft dot dk @ 2013-02-25 16:21 UTC (permalink / raw)
To: systemtap
http://sourceware.org/bugzilla/show_bug.cgi?id=15193
Bug #: 15193
Summary: assigned_user_credentials = pr_stapdev
Product: systemtap
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: runtime
AssignedTo: systemtap@sourceware.org
ReportedBy: henrik@kaarposoft.dk
Classification: Unclassified
Systemtap version 2.1.
I have created a small systemtap script and compiled with "stap
--privilege=stapsys".
As root, I can "staprun" the script just fine.
As root I have installed the script in "/lib/modules/`uname -r`/systemtap".
If I try "staprun" as a user in groups staprun and stapsys (but NOT stapdev), I
get this error message:
ERROR: Your privilege credentials (stapdev) are insufficient to run this module
(stapsys required).
I find this a bit strange, as the user is NOT a member of stapdev as claimed,
but the user IS a member of stapsys as required.
The above scenario was working way back with systemtap version 1.8, but is now
failing with 2.1.
I looked at commit 429a4963, which introduced this around line 756 in
staprun/staprun_funcs.c:
if (assigned_user_credentials)
assigned_user_credentials = pr_stapdev;
If I change this to
assigned_user_credentials |= pr_stapdev;
the above scenario works like a charm.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug runtime/15193] assigned_user_credentials = pr_stapdev
2013-02-25 16:21 [Bug runtime/15193] New: assigned_user_credentials = pr_stapdev henrik at kaarposoft dot dk
@ 2013-02-25 16:24 ` henrik at kaarposoft dot dk
2013-02-25 16:25 ` henrik at kaarposoft dot dk
2013-02-28 19:26 ` brolley at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: henrik at kaarposoft dot dk @ 2013-02-25 16:24 UTC (permalink / raw)
To: systemtap
http://sourceware.org/bugzilla/show_bug.cgi?id=15193
--- Comment #1 from Henrik <henrik at kaarposoft dot dk> 2013-02-25 16:23:55 UTC ---
See also:
http://sourceware.org/ml/systemtap/2013-q1/msg00186.html
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug runtime/15193] assigned_user_credentials = pr_stapdev
2013-02-25 16:21 [Bug runtime/15193] New: assigned_user_credentials = pr_stapdev henrik at kaarposoft dot dk
2013-02-25 16:24 ` [Bug runtime/15193] " henrik at kaarposoft dot dk
@ 2013-02-25 16:25 ` henrik at kaarposoft dot dk
2013-02-28 19:26 ` brolley at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: henrik at kaarposoft dot dk @ 2013-02-25 16:25 UTC (permalink / raw)
To: systemtap
http://sourceware.org/bugzilla/show_bug.cgi?id=15193
Henrik <henrik at kaarposoft dot dk> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |henrik at kaarposoft dot dk
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Bug runtime/15193] assigned_user_credentials = pr_stapdev
2013-02-25 16:21 [Bug runtime/15193] New: assigned_user_credentials = pr_stapdev henrik at kaarposoft dot dk
2013-02-25 16:24 ` [Bug runtime/15193] " henrik at kaarposoft dot dk
2013-02-25 16:25 ` henrik at kaarposoft dot dk
@ 2013-02-28 19:26 ` brolley at redhat dot com
2 siblings, 0 replies; 4+ messages in thread
From: brolley at redhat dot com @ 2013-02-28 19:26 UTC (permalink / raw)
To: systemtap
http://sourceware.org/bugzilla/show_bug.cgi?id=15193
Dave Brolley <brolley at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |brolley at redhat dot com
AssignedTo|systemtap at sourceware dot |brolley at redhat dot com
|org |
--- Comment #2 from Dave Brolley <brolley at redhat dot com> 2013-02-28 19:26:07 UTC ---
staprun was actually loading the module, but it passed a user privilege level
of pr_stapdev to the module as the user's privilege level. Since pr_stapdev
does not contain pr_stapsys, the module's self checking code determined that
the user did not have sufficient privileges to run it, and so it aborted.
staprun should have passed a privilege level of pr_all to the module, ensuring
that all modules within the special directory can be run by all users. More
accurately, the user must at a minimum be a member of stapusr, since staprun
itself can only be run by root or members of that group.
commit 019e44d6bf7137af289412f35f28be5938acfb62 implements this fix.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-02-28 19:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-02-25 16:21 [Bug runtime/15193] New: assigned_user_credentials = pr_stapdev henrik at kaarposoft dot dk
2013-02-25 16:24 ` [Bug runtime/15193] " henrik at kaarposoft dot dk
2013-02-25 16:25 ` henrik at kaarposoft dot dk
2013-02-28 19:26 ` brolley at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).