0 Replies. Latest reply: Jun 25, 2012 9:05 AM by 945658

D-Trace - Solaris zone

945658 Newbie
Hi

We have configured a Solaris zone to enable D-Trace functionality.

OS: SunOS vmsdev21dtrace1 5.10 Generic_147440-01 sun4v sparc SUNW,SPARC-Enterprise-T5220

We have been using D-Trace to monitor user activity (directory/file access...) on several Solaris 10 based servers, which consist of Global Solaris Zone servers.

D-Trace works perfectly when run on the Global Zone servers; however, it runs into several problems when run in Solaris Zone containers.

The problem we are experiencing when D-Trace is run in a Solaris zone is that the built-in D-Trace macro “cwd” fails to execute as expected, throwing the following error:

dtrace: error on enabled probe ID 3 (ID 4569: syscall::open64:return): invalid kernel access in action #2 at DIF offset 0

To put the error message into context, I have included the following code snippet:

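syscall::open64:entry
/arg0 > 0/
{
        /* Thread-local (self->) so the path survives until the return probe;
           clause-local (this->) values do not persist across probes. */
        self->file = cleanpath(copyinstr(arg0));
}

/* trace_uid_0 is assumed to be defined elsewhere in the full script (not shown). */
syscall::open64:return
/uid == trace_uid_0 && execname != "bash"/
{
        printf("File READ: %s\n", self->file);
        printf("CWD: %s", cwd);  /* the line that triggers the error in the zone */

        /* Assigning 0 releases the thread-local variable. */
        self->file = 0;
}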

As can be seen, I am simply doing a printf of ‘cwd’ to detect whenever a user reads a file in the syscall::open64:return call.

Once the printf("CWD: %s",cwd); line is removed from the code, the D-Trace script works as expected.

Taking all this into account, is this a bug in D-Trace or due to the fact that we are trying to get it to run in a virtualized platform?

Furthermore, is there a workaround we could try to capture the CWD, bearing in mind the number of providers within a Solaris Zone we have to work with is limited?

Thanks.

Ricky
