A lot of people love going to the casino. Many of those wish they could experience that thrill at work as well. As your friendly neighborhood systems admin you probably want to help them out. In this case that will take a couple of steps:
Enabling Systemtap on your system
The thrill of the casino requires Systemtap to be available on your system:
If you do not want a compiler, debuginfo packages, and other development crap
on your productions machines you can compile systemtap modules on one system,
then deploy them to other systems and run them with the
staprun command from
Creating the module
Create the following file as
Feel free to lower the
999999 number to make the module more fun.
Run the module
Either make the file you just created executable, or run the following command:
What it does
One in a million file accesses that would normal succeed will now get a permission denied error.
Why it works
Systemtap allows probes to be attached in many, many places, both in the kernel
and in userspace. When running in Guru mode (
-g) variables can be altered as
well from within those probes.
In our script we attach to the exit of the kernel
may_open function. If that
call would normally return success we now return error -13 (Permission Denied)
based on a chance of 0.0001%.