Date:      Wed, 20 Aug 2025 10:46:23 GMT
From:      Mateusz Piotrowski <0mp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: b09a75d675dc - stable/14 - dtrace.1: Document security.bsd.allow_destructive_dtrace
Message-ID:  <202508201046.57KAkN54058176@gitrepo.freebsd.org>

The branch stable/14 has been updated by 0mp:

URL: https://cgit.FreeBSD.org/src/commit/?id=b09a75d675dcaa9a1e5dcc63f7cfbb5df85419e6

commit b09a75d675dcaa9a1e5dcc63f7cfbb5df85419e6
Author:     Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2025-08-01 15:23:20 +0000
Commit:     Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2025-08-20 10:46:18 +0000

    dtrace.1: Document security.bsd.allow_destructive_dtrace
    
    PR:             288284
    Reviewed by:    bcr, markj
    MFC after:      3 days
    Sponsored by:   Klara, Inc.
    Differential Revision:  https://reviews.freebsd.org/D51633
    
    (cherry picked from commit 1acfb873cf2e59f9ddf53602cbc67fa810c878a6)
---
 cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
index 0603a32da5e2..eafc25f187d5 100644
--- a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
+++ b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
@@ -20,7 +20,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd July 16, 2025
+.Dd July 30, 2025
 .Dt DTRACE 1
 .Os
 .Sh NAME
@@ -537,6 +537,17 @@ option is not specified,
 .Nm
 does not permit the compilation or enabling of a D program that contains
 destructive actions.
+.Pp
+Set the
+.Va security.bsd.allow_destructive_dtrace
+.Xr loader 8
+tunable
+to
+.Ql 0
+to disallow the possibility of enabling destructive actions system-wide at any point at all.
+Any attempts to enable destructive actions will cause
+.Nm
+to exit with a runtime error.
 .It Fl x Ar arg Op Ns = Ns value
 Enable or modify a DTrace runtime option or D compiler option.
 Boolean options are enabled by specifying their name.
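Review bot: The paragraph added under the destructive-actions option does not state the default value of security.bsd.allow_destructive_dtrace or whether it can be changed after boot, so an administrator hardening a host cannot tell from this text whether the restriction holds on a running system. Since the text calls it a loader(8) tunable, say so explicitly, and give the default. The phrase "to disallow the possibility of enabling destructive actions system-wide at any point at all" is wordy; "to disallow destructive actions system-wide" carries the same meaning. "exit with a runtime error" could instead point at the new DIAGNOSTICS section, which gives the exact message.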
@@ -1219,6 +1230,18 @@ failed or that the specified request could not be satisfied.
 .It 2
 Invalid command line options or arguments were specified.
 .El
+.Sh DIAGNOSTICS
+.Bl -diag
+.It dtrace: could not enable tracing: Permission denied
+This can happen when
+.Nm
+fails to enable destructive actions because
+.Va security.bsd.allow_destructive_dtrace
+is set to
+.Ql 0
+in
+.Xr loader.conf 5 .
+.El
 .Sh SEE ALSO
 .Xr cpp 1 ,
 .Xr dtrace_audit 4 ,
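Review bot: The DIAGNOSTICS entry cites ".Xr loader.conf 5 ." for the tunable while the paragraph added earlier in this patch cites ".Xr loader 8" for the same setting; use one reference consistently (or both in both places) and check that whichever is used also appears in SEE ALSO. The message "could not enable tracing: Permission denied" is generic, and "This can happen when" leaves it open what else produces it, so a short hint on how to confirm that the tunable is the cause (for example, how to read its current value) would make the entry actionable.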


