From nobody Fri Aug 1 15:24:23 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4btqVv3kv7z640XV; Fri, 01 Aug 2025 15:24:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4btqVv35Vqz3t42; Fri, 01 Aug 2025 15:24:23 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754061863; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P/JTODy3btLW79M9QRvCu+ZrfdXeUR1wiXsF2UN8Rdg=; b=IkdDLtJ1vSlZG/4cjNnoQqlPZL0xX6l9S7bFJ8YfO4+srj9p/U3sIU7E2RtrGTuI6RrbQi zFfE3tzJpaCPiTeXb33+gHrUW8hwJ2I/IW26uurEmJCRLFpXfntUOb0PHfZUYLiPWuOIG5 mW1Sak7ArcP5wFupV7LcaifBEHmt+SPHumwAjhp9KYhouq9Gymt3u8+24EYeOt5fNCGjnb T3MzqjVePWKAQGlM+Mp0U/S3IQCKvZuPLOB74tpeiXMV6Do1ikZ6mYNff4FEdgl2BAueZ9 UmtPHVabF2M6xu5xcMe6n9bPYcxC/futG7kSy8WydgGF/vpZy2M9PPi/4qlb3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1754061863; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=P/JTODy3btLW79M9QRvCu+ZrfdXeUR1wiXsF2UN8Rdg=; b=WzLbNEJynndlf+TxrOTxhPwiRb5jTOhMl3zX9nWUuegaZi2c5ZjyeaGP7F4GjEC1iqCLRd N1bHkHLSkvD8qek2RMnerqYXt17sayuH5YdS8jYcY7PrM74iy69DSDzLHJz0UFMjwcwTkf niepQPLHywIcTdbn3npfncCIH//WQS3PIyQPB/k0mZUkvkXcWgZ6VOlf94/qwBwXpUIQuu xo1Te6+6pV1coKynvAC6Rs1hnUqdJnLf+5isslay9WrQfh4r1oXIBYy/wIUJx6S7PlSof0 fu/Zkuq/oaWKgM8rEub97/K9T74vGpRAjBoj4J4sDPX/MB85AApJqn8g3RYU7A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1754061863; a=rsa-sha256; cv=none; b=PQ+rpcQYRnUYk7a4QUEmYbDdnosoVkV7r+y5IvJaMz4GHgxIdboPi33uWOxR5/VgybHccL KZH91uezzvVvlwMmW3Mkn8IvqO1ZihBH2x6T8Un4IS64tzAw6F3Q2R2RgeneQaoja2B1gl TI8W+CI1XKiLJNTTJHq7JSfD5xV73EdagbRojT3DIv6Y57j4kZJ/QVWMPnaUAt+tFjKYff 9lqPok76AXveIsJRVcPNfzv8jE33E5TooVw39MBrvgWD1O7qf9zF77iOlWrRcZtb2+dKYa +jNS03hP9PUCwU/KKMArGXUyk73Hh5MCZCMQiguqa0Qv/HJyriC1f702/nTHAw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4btqVv2gjjztJh; Fri, 01 Aug 2025 15:24:23 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 571FON4O070695; Fri, 1 Aug 2025 15:24:23 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 571FONLG070692; Fri, 1 Aug 2025 15:24:23 GMT (envelope-from git) Date: Fri, 1 Aug 2025 15:24:23 GMT Message-Id: <202508011524.571FONLG070692@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mateusz Piotrowski <0mp@FreeBSD.org> Subject: git: 1acfb873cf2e - main - dtrace.1: Document security.bsd.allow_destructive_dtrace List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: 0mp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 1acfb873cf2e59f9ddf53602cbc67fa810c878a6 Auto-Submitted: auto-generated The branch main has been updated by 0mp: URL: https://cgit.FreeBSD.org/src/commit/?id=1acfb873cf2e59f9ddf53602cbc67fa810c878a6 commit 1acfb873cf2e59f9ddf53602cbc67fa810c878a6 Author: Mateusz Piotrowski <0mp@FreeBSD.org> AuthorDate: 2025-08-01 15:23:20 +0000 Commit: Mateusz Piotrowski <0mp@FreeBSD.org> CommitDate: 2025-08-01 15:23:20 +0000 dtrace.1: Document security.bsd.allow_destructive_dtrace PR: 288284 Reviewed by: bcr, markj MFC after: 3 days Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D51633 --- cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 index da8cbd9ffe50..e263b936700d 100644 --- a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 +++ b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 @@ -20,7 +20,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 16, 2025 +.Dd July 30, 2025 .Dt DTRACE 1 .Os .Sh NAME @@ -537,6 +537,17 @@ option is not specified, .Nm does not permit the compilation or enabling of a D program that contains destructive actions. +.Pp +Set the +.Va security.bsd.allow_destructive_dtrace +.Xr loader 8 +tunable +to +.Ql 0 +to disallow the possibility of enabling destructive actions system-wide at any point at all. +Any attempts to enable destructive actions will cause +.Nm +to exit with a runtime error. .It Fl x Ar arg Op Ns = Ns value Enable or modify a DTrace runtime option or D compiler option. Boolean options are enabled by specifying their name. @@ -1265,6 +1276,18 @@ failed or that the specified request could not be satisfied. .It 2 Invalid command line options or arguments were specified. .El +.Sh DIAGNOSTICS +.Bl -diag +.It dtrace: could not enable tracing: Permission denied +This can happen when +.Nm +fails to enable destructive actions because +.Va security.bsd.allow_destructive_dtrace +is set to +.Ql 0 +in +.Xr loader.conf 5 . +.El .Sh SEE ALSO .Xr cpp 1 , .Xr dwatch 1 ,