Is it possible for a process to probe dtrace/perf/etc USDTs for its own process (or even better, process group or uid) without needing elevated privileges or being able to trace processes with other owners? That means no CAP_SYS_ADMIN, no global CAP_BPF (where it can target any process and also probe the kernel), etc.
For this purpose "USDT" means (on Linux) a probe point defined with the DTRACE_PROBE(...) family of macros from SystemTAP's sys/sdt.h or an equivalent.
Why?
I have an extension to send OpenTelemetry trace events from a pre-existing application. It runs in-process in the virtual address space of the postgres processes being traced.
Currently, to send events I have to register various hooks and callbacks, which has a runtime cost, and these aren't available in all code locations of interest.
But the application (PostgreSQL) contains an extensive set of pre-defined userspace static trace points (USDTs). These are basically NOP instructions plus some metadata in a separate ELF section unless they're enabled at runtime so they're basically free.
However, these are only consumed by tools like SystemTAP and perf - they're not easy to expose as OpenTelemetry structured trace spans. Those tools also require high privileges and lots of additional resources to be installed.
Goal
So I'm wondering if I can attach to postgres's own existing tracepoints within my extension, without requiring elevated privileges or special configuration.
I want to dynamically enable some postgres USDT probes from within my postgres extension, consume their output, translate them to OpenTelemetry spans, enrich it with contextual attributes and send them to the collector/forwarder.
Other factors
Because of postgres's multi-processing nature, the extension's self-tracing would probably run as a postgres background worker and would capture trace events for all processes with the same executable and parent process ID. So it would need to be able to trace other processes with the same uid/gid/ppid, not just its own pid. And it'd need to work when the process being traced and the process doing the tracing are hosted within the same unprivileged container (docker, runc/containerd, etc).
But tracing limited to its own process (pid and process virtual address space) would work too. I'd just need a thread per process and some side-channel IPC to get the data to the collector/forwarder worker.
Alternatives explored
The user_events docs don't shed a lot of light on the privileges and access control model, whether reduced privilege requirements are possible when tracing self-owned resources, if/how the feature interacts with pid and user namespaces, etc.
And looks like eBPF privileges are pretty close to all-or-nothing, so it won't work for this use case.
I'm aware that tools like systemtap and various eBPF based utilities can be used to generate otel trace data, but they're difficult to get set up, require highly elevated privileges, and aren't easily restricted to only one target process or process group. Whereas I want to "trace only myself".
I'm wondering if others have already explored this and might know an answer.
Refs
This LPC talk " user-space only uprobes - could (a BPF-based) vDSO help? " discusses userspace-only eBPF but it seems to be focused on efficiency rather than access control and limiting scope.
The "bpftime" tool (github.com/eunomia-bpf/bpftime) looks like it might be promising but it's unclear as yet.
