переводчик / драйвер скрипта systemtap (systemtap script translator/driver)
ALTERNATE RUNTIMES
As described above, systemtap's default runtime mode involves
building and loading kernel modules, with various security
tradeoffs presented. Systemtap now includes two new prototype
backends: --runtime=dyninst and --runtime=bpf.
--runtime=dyninst uses Dyninst to instrument a user's own
processes at runtime. This backend does not use kernel modules,
and does not require root privileges, but is restricted with
respect to the kinds of probes and other constructs that a script
may use. dyninst runtime operates in target-attach mode, so it
does require a -c COMMAND or -x PID process. For example:
stap --runtime=dyninst -c 'stap -V' \
-e 'probe process.function("main")
{ println("hi from dyninst!") }'
It may be necessary to disable a conflicting selinux check with
# setsebool allow_execstack 1
--runtime=bpf compiles the user script into extended Berkeley
Packet Filter (eBPF) programs instead of a kernel module. eBPF
programs are verified by the kernel for safety and are executed
by an in-kernel virtual machine. This runtime is in an early
stage of development and currently lacks support for a number of
features available in the default runtime. Please see the
stapbpf(8) man page for more information.
