On Tue, Jul 16, 2019 at 03:26:52PM -0700, Alexei Starovoitov wrote:
On Tue, Jul 16, 2019 at 05:30:50PM -0400, Joel Fernandes wrote:
I also thought about the pinning idea before, but we also want to add support for not just raw tracepoints, but also regular tracepoints (events if you will). I am hesitant to add a new BPF API just for creating regular tracepoints and then pinning those as well.
and they should be done through the pinning as well.
Hmm ok, I will give it some more thought.
I don't see why a new bpf node for a trace event is a bad idea, really.
See the patches for kprobe/uprobe FD-based api and the reasons behind it. tldr: text is racy, doesn't scale, poor security, etc.
Is it possible to use perf without CAP_SYS_ADMIN and control security at the per-event level? We are selective about who can access which event, using selinux. That's how our ftrace-based tracers work. Its fine grained per-event control. That's where I was going with the tracefs approach since we get that granularity using the file system.
Thanks.