[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dtrace
|
From: |
Gerd Möllmann |
|
Subject: |
Re: dtrace |
|
Date: |
Tue, 21 Jan 2025 05:09:54 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Björn Bidar <bjorn.bidar@thaodan.de> writes:
> Gerd Möllmann <gerd.moellmann@gmail.com> writes:
>
>> Björn Bidar <bjorn.bidar@thaodan.de> writes:
>>
>>> Would it possible to limit the scope with a wrapper in whatever
>>> instances which has the capabilities? I don't know about dtrace
>>> but for ptrace there is CAP_SYS_PTRACE.
>>>
>>> Another option would be to use polkit to limit the access of the
>>> wrapper, e.g. by asking pkexec to start the wrapper. Using capabilities
>>> plus polkit without pkexec to only check for the permission would
>>> require the least amount of permissions.
>>
>> AFAIK, macOS doesn't have Linux capabilities(7).
>
> There is probably something similar for Darwin/Mach. As long there is
> abstraction in the implementation supporting different kernels in such
> an implementation shouldn't be an issue.
> The only requirement would be that such a kernel wouldn't behave
> completely different when providing capabilities.
>
> There's also Capsicum from FreeBSD (patches available for other BSD's).
> I don't know if XNU offers something like it.
I don't know of something similar to capabilities for macOS. Doesn't
have to mean much, of course, maybe there is something.
- Re: dtrace, (continued)
- Re: dtrace, Gerd Möllmann, 2025/01/16
- Re: dtrace, Eli Zaretskii, 2025/01/16
- Re: dtrace, Gerd Möllmann, 2025/01/16
- Re: dtrace, Eli Zaretskii, 2025/01/16
- Re: dtrace, Gerd Möllmann, 2025/01/16
- Re: dtrace, Eli Zaretskii, 2025/01/16
- Re: dtrace, Gerd Möllmann, 2025/01/16
- Re: dtrace, Björn Bidar, 2025/01/18
- Message not available
- Re: dtrace, Gerd Möllmann, 2025/01/18
- Re: dtrace, Björn Bidar, 2025/01/20
- Message not available
- Re: dtrace,
Gerd Möllmann <=
- Re: dtrace, Richard Stallman, 2025/01/18
dtrace, Jordan Ellis Coppard, 2025/01/17