[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dtrace
|
From: |
Björn Bidar |
|
Subject: |
Re: dtrace |
|
Date: |
Tue, 21 Jan 2025 03:10:12 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Gerd Möllmann <gerd.moellmann@gmail.com> writes:
> Björn Bidar <bjorn.bidar@thaodan.de> writes:
>
>> Would it possible to limit the scope with a wrapper in whatever
>> instances which has the capabilities? I don't know about dtrace
>> but for ptrace there is CAP_SYS_PTRACE.
>>
>> Another option would be to use polkit to limit the access of the
>> wrapper, e.g. by asking pkexec to start the wrapper. Using capabilities
>> plus polkit without pkexec to only check for the permission would
>> require the least amount of permissions.
>
> AFAIK, macOS doesn't have Linux capabilities(7).
There is probably something similar for Darwin/Mach. As long there is
abstraction in the implementation supporting different kernels in such
an implementation shouldn't be an issue.
The only requirement would be that such a kernel wouldn't behave
completely different when providing capabilities.
There's also Capsicum from FreeBSD (patches available for other BSD's).
I don't know if XNU offers something like it.
- Re: dtrace, (continued)
- Re: dtrace, Eli Zaretskii, 2025/01/16
- Re: dtrace, Gerd Möllmann, 2025/01/16
- Re: dtrace, Eli Zaretskii, 2025/01/16
- Re: dtrace, Gerd Möllmann, 2025/01/16
- Re: dtrace, Eli Zaretskii, 2025/01/16
- Re: dtrace, Gerd Möllmann, 2025/01/16
- Re: dtrace, Eli Zaretskii, 2025/01/16
- Re: dtrace, Gerd Möllmann, 2025/01/16
- Re: dtrace, Björn Bidar, 2025/01/18
- Message not available
- Re: dtrace, Gerd Möllmann, 2025/01/18
- Re: dtrace,
Björn Bidar <=
- Message not available
- Re: dtrace, Gerd Möllmann, 2025/01/20
- Re: dtrace, Richard Stallman, 2025/01/18
dtrace, Jordan Ellis Coppard, 2025/01/17