Date: Fri, 1 Aug 2025 15:24:23 GMT From: Mateusz Piotrowski <0mp@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 1acfb873cf2e - main - dtrace.1: Document security.bsd.allow_destructive_dtrace Message-ID: <202508011524.571FONLG070692@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by 0mp: URL: https://cgit.FreeBSD.org/src/commit/?id=1acfb873cf2e59f9ddf53602cbc67fa810c878a6 commit 1acfb873cf2e59f9ddf53602cbc67fa810c878a6 Author: Mateusz Piotrowski <0mp@FreeBSD.org> AuthorDate: 2025-08-01 15:23:20 +0000 Commit: Mateusz Piotrowski <0mp@FreeBSD.org> CommitDate: 2025-08-01 15:23:20 +0000 dtrace.1: Document security.bsd.allow_destructive_dtrace PR: 288284 Reviewed by: bcr, markj MFC after: 3 days Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D51633 --- cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 index da8cbd9ffe50..e263b936700d 100644 --- a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 +++ b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 @@ -20,7 +20,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 16, 2025 +.Dd July 30, 2025 .Dt DTRACE 1 .Os .Sh NAME @@ -537,6 +537,17 @@ option is not specified, .Nm does not permit the compilation or enabling of a D program that contains destructive actions. +.Pp +Set the +.Va security.bsd.allow_destructive_dtrace +.Xr loader 8 +tunable +to +.Ql 0 +to disallow the possibility of enabling destructive actions system-wide at any point at all. +Any attempts to enable destructive actions will cause +.Nm +to exit with a runtime error. .It Fl x Ar arg Op Ns = Ns value Enable or modify a DTrace runtime option or D compiler option. Boolean options are enabled by specifying their name. @@ -1265,6 +1276,18 @@ failed or that the specified request could not be satisfied. .It 2 Invalid command line options or arguments were specified. .El +.Sh DIAGNOSTICS +.Bl -diag +.It dtrace: could not enable tracing: Permission denied +This can happen when +.Nm +fails to enable destructive actions because +.Va security.bsd.allow_destructive_dtrace +is set to +.Ql 0 +in +.Xr loader.conf 5 . +.El .Sh SEE ALSO .Xr cpp 1 , .Xr dwatch 1 ,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202508011524.571FONLG070692>