5.5.9. Using DTrace for Tracking PrivilegesDTrace provides probes that allow us to trace privilege checks and privilege errors, which allow us to monitor privilege events in our own scriptable way.[5] The probes are
# dtrace -ln 'sdt:::priv*' ID PROVIDER MODULE FUNCTION NAME 9206 sdt genunix priv_policy_only priv-ok 9207 sdt genunix priv_policy_choice priv-ok 9208 sdt genunix priv_policy priv-ok 9209 sdt genunix priv_policy_only priv-err 9210 sdt genunix priv_policy_choice priv-err 9211 sdt genunix priv_policy_err priv-err |