Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

execsnoop no longer runs on Solaris 11.3 #3

Open
athompso opened this issue Jun 8, 2016 · 4 comments
Open

execsnoop no longer runs on Solaris 11.3 #3

athompso opened this issue Jun 8, 2016 · 4 comments

Comments

@athompso
Copy link

athompso commented Jun 8, 2016

This issue is inherited from Brendan's code, so this is more documenting for the record, but...
In the master branch, execsnoop monitors two tracepoints on line 158: syscall::exec:return and syscall::exece:return.
In Solaris 11, syscall::exec:return is renamed to fbt:s10_brand_s10_exec:return. Therefore, the script does not run as-is in a Solaris 11 native zone (including the global zone). It should still work properly from inside a Solaris 10 branded zone.
@athompso
Copy link
Author

athompso commented Jun 8, 2016

(A patch will be forthcoming if I ever figure out how to detect this at runtime.)

@athompso
Copy link
Author

athompso commented Jun 8, 2016

Quick fix: remove syscall::exec:return from that line and leave syscall::exece:return.

Replacing it with s10_exec:return causes double output, as s10_exec in turn now merely calls syscall::exec.

@athompso
Copy link
Author

athompso commented Jun 8, 2016

Confirmed that the solaris 11.3 package "dtt-toolkit" is still covered by the CDDL per the License file included in said package. Package details here for preservation:

root@t4-1:~# pkg list dtrace-toolkit
NAME (PUBLISHER)                                  VERSION                    IFO
system/dtrace/dtrace-toolkit                      0.99-0.175.3.0.0.30.0      i--
root@t4-1:~# pkg info dtrace-toolkit
          Name: system/dtrace/dtrace-toolkit
       Summary: DTraceToolkit 0.99
   Description: The DTraceToolkit is a collection of useful, documented DTrace
                scripts
      Category: Development/System
         State: Installed
     Publisher: solaris
       Version: 0.99
 Build Release: 5.11
        Branch: 0.175.3.0.0.30.0
Packaging Date: 21 August, 2015 03:50:44 PM
          Size: 2.91 MB
          FMRI: pkg://solaris/system/dtrace/[email protected],5.11-0.175.3.0.0.30.0:20150821T155044Z
root@t4-1:~# head /usr/dtrace/DTT/License

COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0


      1. Definitions.

            1.1. ▒Contributor▒ means each individual or entity that
            creates or contributes to the creation of Modifications.

            1.2. ▒Contributor Version▒ means the combination of the

@athompso athompso mentioned this issue Jun 8, 2016
Open
@athompso
Copy link
Author

athompso commented Jun 8, 2016

Patch contained in Pull Request #4 (#4).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@athompso