This is done by staprun passing a file descriptor for the
/sys/kernel/debug/systemtap/stap_MODULE directory from staprun
(running setuid) to stapio (running unprivileged, previously unable to
traverse to that path itself). This FD passing is done with a new
option -F<fd> for stapio (though by accident staprun also accepts (and
rejects) this option).
Since openat(2) is relatively recent, autoconf macros are used to back
down to graceful failure on older kernels, and to hide the new code.
New staprun always uses -F<fd> to stapio, even if permissions on
/sys/kernel/debug do not require it.
* staprun/common.c (relay_basedir_fd): New variable.
(parse_args): Parse new -F: option.
(usage): Document it.
* staprun/staprun.h: Corresponding changes.
* staprun/ctl.c (init_ctl_channel): Reorganize to try an incoming
relay_basedir_fd first (with a faccessat cross-user check) first.
Try to compute a relay_basedir_fd if not already set.
* staprun/mainloop.c (read_buffer_info): Note ignoring of this PR facility on
RHEL4-era old_transport.
* staprun/relayfs.c (init_relayfs): Attempt to open relay_fd[] using
relay_basedir_fd if specified.
* staprun/stapio.c: Top secret.
* staprun/staprun.c (main): Don't allow staprun itself to take -F, for it
could be misused by a very bad person (tm). However, arrange to pass
it to stapio, if we have incidentally discovered a good relay_basedir_fd.
* staprun/staprun_funcs.c (mountfs): Drop access_debugfs() check at this
point, as init_ctl_channel() will do the check later.
git://sourceware.org / systemtap.git / commit