The runpd command is a debugging utitlity intended for use by administrators and developers. runpd turns on the priv_debug process attribute and executes the program specified by command. The command process inherits the priv_debug process attribute from runpd, and privilege-checking logs are generated for it. The logs list privileges that command needed to succeed, but lacked. args is the optional set of arguments passed as input to command.
runpd must be invoked from the Trusted Path.
To enable privilege debugging with runpd, the tsol_privs_debug kernel variable in /etc/system must be set to 1, and entries for kern.debug, daemon.debug, and local0.debug must be uncommented in the /etc/syslog.conf file, as in:
The string kern.debug enables privilege debugging of an application's use of system calls. The local0.debug and daemon.debug strings enable debugging of privileges interpreted by system daemons (for example, the
sys_trans_label privilege and X window calls). Multiple strings are separated by semicolons.
Execute command with the trusted_path process attribute. This option is useful when testing a program (command) that requires the attribute.
The log will include all privilege debugging records from this and previous executions of runpd.
The log will include any privilege debugging records generated by command or its descendants. runpd looks for all process IDs that are greater than or equal to that of command. Since process IDs can wrap and child processes may not terminate before command terminates, some entries may not be displayed. Use -a to display all records.
runpd returns the exit code it receives from command.
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
These interfaces are uncommitted. Although they are not expected to change between minor releases of the Trusted Solaris environment, they may.