0 Replies. Latest reply: Jun 25, 2012 11:05 AM by 945658

    D-Trace - Solaris zone

    945658
      Hi

      We have configured a Solaris zone to enable D-Trace functionality.

      OS: SunOS vmsdev21dtrace1 5.10 Generic_147440-01 sun4v sparc SUNW,SPARC-Enterprise-T5220

      We have been using D-Trace to monitor user activity (directory/file access...) on several Solaris 10 based servers, which consist of Global Solaris Zone servers.

      D-Trace works perfectly when run on the Global Zone servers; however, it runs into several problems when run in Solaris Zone containers.

      The problem we are experiencing when D-Trace is run in a Solaris zone is that the built-in D-Trace macro “cwd” fails to execute as expected, throwing the following error:

      dtrace: error on enabled probe ID 3 (ID 4569: syscall::open64:return): invalid kernel access in action #2 at DIF offset 0

      To put the error message into context, I have included the following code snippet:

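      syscall::open64:entry
      /arg0 > 0/
      {
              /* Thread-local (self->) so the path is still set in the :return probe;
                 clause-local (this->) values do not carry across probes. */
              self->file = cleanpath(copyinstr(arg0));
      }

      syscall::open64:return
      /uid == trace_uid_0 && execname != "bash"/
      {
              printf("File READ: %s\n", self->file);
              /* The line that raises "invalid kernel access" inside the zone. */
              printf("CWD: %s", cwd);

              /* Assigning 0 releases the thread-local storage. */
              self->file = 0;
      }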

      As can be seen, I am simply doing a printf of ‘cwd’ to detect whenever a user reads a file in the syscall::open64:return call.

      Once the printf("CWD: %s",cwd); line is removed from the code, the D-Trace script works as expected.

      Taking all this into account, is this a bug in D-Trace or due to the fact that we are trying to get it to run in a virtualized platform?

      Furthermore, is there a workaround we could try to capture the CWD, bearing in mind the number of providers within a Solaris Zone we have to work with is limited?

      Thanks.

      Ricky