Solaris Internals: Solaris 10 and OpenSolaris Kernel Architecture (2nd Edition)

5.5.9. Using DTrace for Tracking Privileges

DTrace provides probes that allow us to trace privilege checks and privilege errors, which allow us to monitor privilege events in our own scriptable way.^[5] The probes are

^[5] A tool is available to demonstrate tracing privilege events from dtrace, called privdebug. It is available from http://www.opensolaris.org/os/community/security/projects/privdebug

# dtrace -ln 'sdt:::priv*' ID PROVIDER MODULE FUNCTION NAME 9206 sdt genunix priv_policy_only priv-ok 9207 sdt genunix priv_policy_choice priv-ok 9208 sdt genunix priv_policy priv-ok 9209 sdt genunix priv_policy_only priv-err 9210 sdt genunix priv_policy_choice priv-err 9211 sdt genunix priv_policy_err priv-err