1

I have tried to add myself to stapdev and stapusr in order to run stap without sudo. I'm trying to run a simple example but getting an error as such:

$ groups
gokce adm cdrom sudo dip plugdev lpadmin sambashare stapdev stapusr
$ cat hello.stp
probe begin
{
  print ("hello world\\n")
  exit ()
}
$ stap hello.stp
Warning: /usr/bin/staprun exited with status: 1
Pass 5: run failed.  Try again with another '--vp 00001' option.

using sudo it seems to work fine:

$ sudo stap hello.stp
hello world

How can I do this?

NOTE

I'm using an ubuntu 12.04 system and installed systemtap package

EDIT

$ ls -la /usr/bin | grep staprun
-rwsr-x---  1 root   stapusr   148712 Jan 30  2012 staprun
fche
  • 2,641
  • 20
  • 28
none
  • 11,793
  • 9
  • 51
  • 87
  • 1
    Is your staprun binary setuid-root? – fche Feb 19 '13 at 14:41
  • 1
    @fche added the permissions to the question – none Feb 19 '13 at 14:56
  • This is sounding a little bit familiar. About a year ago, we heard reports that on ubuntu, staprun was able to start, but for some reason unable to fork/exec the associated (unprivileged) stapio program. We could not identify what ubuntu-specific kernel/security setting was responsible. – fche Feb 19 '13 at 15:20
  • @fche hmm, I'm aware that ubuntu has been tinkering with the whole multiuser thing. anything interesting from [this page](https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening) – none Feb 19 '13 at 15:40
  • Checked that, but nothing jumped out. I'd try diagnosing it by siccing some tracing at the kernel fork/exec paths, and watch staprun trying to fork/exec stapio. – fche Feb 19 '13 at 18:39
  • ubuntu precise's version of systemtap (1.6) is too old to be useful anyway. I built a version out of systemtap git according to the README instructions in there, and (after pushing fixes for some small problems), it worked fine. That included the stapdev/stapusr business. – fche Feb 20 '13 at 02:18
  • @fche what about user space tracing? [this page](http://sourceware.org/systemtap/wiki/SystemtapOnUbuntu) says that I'm gonna need utrace in order to use user space tracing which is added only after in 12.10. That's why I have been trying to install 12.10 on a virtual machine but I had some other irrelevant error. – none Feb 20 '13 at 05:46
  • The bottom of that wiki page indicates kernel 3.5 as per ubuntu 12.04 contains uprobes, and it does work with git systemtap. – fche Feb 20 '13 at 15:35
  • @fche I'm scared to play with my kernel version on my main. meanwhile I got the error on 12.10 virtual machine (something like `.config` not found, installed a few `linux-headers` packages and now it's working). but now it stap gives an error when it tries to compile a module. also it turned out I will need to add debugging symbols in my user space program which kinds of defeats my purpose. I will implement a simple pintool instead. – none Feb 20 '13 at 16:53
  • This is getting way off topic of the question, but what can you do with pintool with no symbol/debuginfo for your programs? – fche Feb 21 '13 at 20:43
  • @fche I just needed to trace a function call and read one of its arguments, took me just 100 lines of codes. all done without the debug switch (`-g`). symbols are still there without the debug switch, I believe debug switch adds some extra ones which I didn't require. – none Feb 21 '13 at 21:16
  • (You might have some symbol data, though with a manly enough compiler/optimizer, you won't catch e.g. inlined or custom-linkage'd functions or their parameters, without full debug data.) Anyway, neat hack, well done. Share please. – fche Feb 23 '13 at 01:07
  • @fche oh I just needed to wrap a specific function so I'm still not sure how to wrap every function in the program. I will eventually share the code once we publish some of the results. It's pretty standard stuff for pintool anyways, infact I copy pasted most of the code from 2 examples coming with the distribution. (p.s they don't charge for non-commercial use if you want to give it a try) – none Feb 23 '13 at 02:04

0 Answers0