Feature Name: Systemtap 2.0

Summary

A major new version of systemtap.

Owner

• Name: Frank Ch. Eigler
• Email: fche@redhat.com

Current status

• Targeted release: Fedora 18
• Last updated: 2012-07-24
• Percentage of completion: 90%

Detailed Description

For this next major release of systemtap, the team is hoping to deliver an optional new backend that allows unprivileged users to instrument their programs, without any kernel module building or root privileges.

Benefit to Fedora

Reduction of security attack surface, by less reliance on setuid / kernel facilities. Increased process introspection capability. Higher performance process introspection. Usability by completely unprivileged users.

Scope

Direct impact is limited to this package. However, the <sys/sdt.h> markers embedded in several Fedora libraries and binaries become accessible to more users than before.

How To Test

The packaged testsuite should cover the general capabilities of the tool, to avoid regressions.

User Experience

User experience from prior versions should not change. Completely unprivileged users should become able to instrument their own programs without any kernel- or root-dependent machinations.

Dependencies

Systemtap upstream needs to release 2.0, though by F18 beta, we could package a pre-release snapshot. The DynInst library is now packaged for Fedora rawhide.

Contingency Plan

If the pure-userspace work is not completed in time, the then-newest upstream systemtap can be issued for Fedora 18 (version 1.8, already in fedora-updates), and a later dyninst-capable version would be issued as a future update.

Documentation

TBD. early build/testing instructions

Release Notes

"Systemtap 2.0 includes a new prototype backend, which uses DynInst to instrument a user's own binaries at runtime. This backend does not use kernel modules, and does not require root privileges, but is restricted with respect to the kinds of probes and other constructs that a script may use."

Comments and Discussion

• See Talk:Features/Systemtap2