* What's new
+- Support for unprivileged users:
+ *****************************************************************************
+ * WARNING!!!!!!!!!!
+ * This feature is EXPERIMENTAL at this time and should be used with care.
+ * This feature allows systemtap kernel modules to be loaded by unprivileged
+ * users. The user interface and restrictions will change as this feature
+ * evolves.
+ *****************************************************************************
+ - Systemtap modules generated from scripts which use a restricted subset of
+ the features available may be loaded by staprun for unprivileged users.
+ Previously, staprun would load modules only for root or for members of the
+ groups stapdev and stapusr.
+ - Using the --unprivileged option on stap enables translation-time checking
+ for use by unprivileged users (see restrictions below).
+ - All modules deemed suitable for use by unprivileged users will be signed
+ by stap (see module signing in release 0.9.8 below).
+ - Modules signed by trusted users and verified by staprun will be loaded by
+ staprun regardless of the user's privilege level.
+ - The system administrator asserts the trustworthiness of a user by running
+ stap-authorize-signing-cert <cert-file> as root, where <cert-file> can
+ be found in ~<user>/.systemtap/ssl/server/stap.cert.
+ - Restrictions are intentionally strict at this time and will be relaxed in
+ the future:
+ - probe points are restricted to:
+ begin, begin(n), end, end(n), error(n), never,
+ timer.{jiffies,s,sec,ms,msec,us,usec,ns,nsec}(n)*, timer.hz(n)
+ - embedded C code is not allowed.
+ - use of tapset functions using embedded C code is restricted.
+ - accessing the kernel memory space is not allowed.
+ - The following command line options may not be used:
+ -g, -I, -D, -R
+ -r may not be used to select a target kernel other than one from
+ /lib/modules/RELEASE/build, where RELEASE is a currently installed kernel
+ release.
+ - The following environment variables may not be set:
+ SYSTEMTAP_RUNTIME, SYSTEMTAP_TAPSET, SYSTEMTAP_DEBUGINFO_PATH
+ - nss and nss-tools are required to use this feature.
+
- Systemwide kernel .function.return (kretprobe) maxactive defaults may
be overridden with the -DKRETACTIVE=nnn parameter.