This is the mail archive of the systemtap@sources.redhat.com mailing list for the systemtap project.
Re: separating policy and mechanism
brad.chen wrote:
> > OK but recall my note during the face-to-face meeting that we need to
> > consider people reusing each other's script fragments in a way that
> > avoids automatically blessing those reused scripts as trusted.
>
> I don't see the conflict; re-used code would go into end-user
> scripts, not into tapset definitions, and so would not be trusted.

Sort of: My point was that it's a matter of point of view: one
person's reusable script fragment can be another person's "tapset", in
much the way that perl libraries can build upon one another. Safety
privilege boundaries need not match reuse boundaries. (This is a
parallel to the observation that safety privilege boundaries also need
not match a user's classification into "performance tweaker" versus
"kernel debugger".)

> I'm assuming that creating trusted code would require something like
> building all of Systemtap from source [...]

Only one of the possible tapset extension mechanisms is actually
likely to require the translator or runtime to be rebuilt. I just
committed a partial new tapset section in the archpaper directory,
which may finally illuminate the promise of script-only tapsets.
- FChE