ktrace.2: Add description of kern.ktrace_suid

[dragonfly.git] / lib / libc / sys / ktrace.2

.\" Copyright (c) 1993
.\"     The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"     This product includes software developed by the University of
.\"     California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)ktrace.2    8.1 (Berkeley) 6/4/93
.\" $FreeBSD: src/lib/libc/sys/ktrace.2,v 1.9.2.7 2001/12/14 18:34:01 ru Exp $
.\" $DragonFly: src/lib/libc/sys/ktrace.2,v 1.4 2008/10/16 08:15:18 swildner Exp $
.\"
.Dd November 15, 2009
.Dt KTRACE 2
.Os
.Sh NAME
.Nm ktrace
.Nd process tracing
.Sh LIBRARY
.Lb libc
.Sh SYNOPSIS
.In sys/param.h
.In sys/time.h
.In sys/uio.h
.In sys/ktrace.h
.Ft int
.Fn ktrace "const char *tracefile" "int ops" "int trpoints" "int pid"
.Sh DESCRIPTION
The
.Fn ktrace
function enables or disables tracing of one or more processes.
Users may only trace their own processes.
By default only the super-user can trace setuid or setgid programs.
This restriction can be removed by setting the sysctl
.Va kern.ktrace_suid
to a non-zero value.
.Pp
The
.Fa tracefile
gives the pathname of the file to be used for tracing.
The file must exist and be a regular file writable by the calling process.
All trace records are always appended to the file,
so the file must be truncated to zero length to discard
previous trace data.
If tracing points are being disabled (see KTROP_CLEAR below),
.Fa tracefile
may be NULL.
.Pp
The
.Fa ops
parameter specifies the requested ktrace operation.
The defined operations are:
.Bl -column KTRFLAG_DESCENDXXX -offset indent
.It "KTROP_SET  Enable trace points specified in"
.Fa trpoints .
.It "KTROP_CLEAR        Disable trace points specified in"
.Fa trpoints .
.It "KTROP_CLEARFILE    Stop all tracing."
.It "KTRFLAG_DESCEND    The tracing change should apply to the"
specified process and all its current children.
.El
.Pp
The
.Fa trpoints
parameter specifies the trace points of interest.
The defined trace points are:
.Bl -column KTRFAC_SYSCALLXXX -offset indent
.It "KTRFAC_SYSCALL     Trace system calls."
.It "KTRFAC_SYSRET      Trace return values from system calls."
.It "KTRFAC_NAMEI       Trace name lookup operations."
.It "KTRFAC_GENIO       Trace all I/O (note that this option can"
generate much output).
.It "KTRFAC_PSIG        Trace posted signals."
.It "KTRFAC_CSW Trace context switch points."
.It "KTRFAC_INHERIT     Inherit tracing to future children."
.El
.Pp
Each tracing event outputs a record composed of a generic header
followed by a trace point specific structure.
The generic header is:
.Bd -literal
struct ktr_header {
        int     ktr_len;                /* length of buf */
        short   ktr_type;               /* trace record type */
        pid_t   ktr_pid;                /* process id */
        char    ktr_comm[MAXCOMLEN+1];  /* command name */
        struct  timeval ktr_time;       /* timestamp */
        caddr_t ktr_buf;
};
.Ed
.Pp
The
.Va ktr_len
field specifies the length of the
.Va ktr_type
data that follows this header.
The
.Va ktr_pid
and
.Va ktr_comm
fields specify the process and command generating the record.
The
.Va ktr_time
field gives the time (with microsecond resolution)
that the record was generated.
The
.Va ktr_buf
is an internal kernel pointer and is not useful.
.Pp
The generic header is followed by
.Va ktr_len
bytes of a
.Va ktr_type
record.
The type specific records are defined in the
.In sys/ktrace.h
include file.
.Sh RETURN VALUES
.Rv -std ktrace
.Sh ERRORS
.Fn Ktrace
will fail if:
.Bl -tag -width Er
.It Bq Er ENOTDIR
A component of the path prefix is not a directory.
.It Bq Er ENAMETOOLONG
A component of a pathname exceeded 255 characters,
or an entire path name exceeded 1023 characters.
.It Bq Er ENOENT
The named tracefile does not exist.
.It Bq Er EACCES
Search permission is denied for a component of the path prefix.
.It Bq Er ELOOP
Too many symbolic links were encountered in translating the pathname.
.It Bq Er EIO
An I/O error occurred while reading from or writing to the file system.
.It Bq Er ENOSYS
The kernel was not compiled with
.Nm
support.
.El
.Sh SEE ALSO
.Xr kdump 1 ,
.Xr ktrace 1 ,
.Xr utrace 2
.Sh HISTORY
A
.Fn ktrace
function call first appeared in
.Bx 4.4 .