The branch main has been updated by 0mp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=1acfb873cf2e59f9ddf53602cbc67fa810c878a6
commit 1acfb873cf2e59f9ddf53602cbc67fa810c878a6
Author: Mateusz Piotrowski <0...@freebsd.org>
AuthorDate: 2025-08-01 15:23:20 +0000
Commit: Mateusz Piotrowski <0...@freebsd.org>
CommitDate: 2025-08-01 15:23:20 +0000
dtrace.1: Document security.bsd.allow_destructive_dtrace
PR: 288284
Reviewed by: bcr, markj
MFC after: 3 days
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D51633
---
cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
index da8cbd9ffe50..e263b936700d 100644
--- a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
+++ b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
@@ -20,7 +20,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 16, 2025
+.Dd July 30, 2025
.Dt DTRACE 1
.Os
.Sh NAME
@@ -537,6 +537,17 @@ option is not specified,
.Nm
does not permit the compilation or enabling of a D program that contains
destructive actions.
+.Pp
+Set the
+.Va security.bsd.allow_destructive_dtrace
+.Xr loader 8
+tunable
+to
+.Ql 0
+to disallow the possibility of enabling destructive actions system-wide at any
point at all.
+Any attempts to enable destructive actions will cause
+.Nm
+to exit with a runtime error.
.It Fl x Ar arg Op Ns = Ns value
Enable or modify a DTrace runtime option or D compiler option.
Boolean options are enabled by specifying their name.
@@ -1265,6 +1276,18 @@ failed or that the specified request could not be
satisfied.
.It 2
Invalid command line options or arguments were specified.
.El
+.Sh DIAGNOSTICS
+.Bl -diag
+.It dtrace: could not enable tracing: Permission denied
+This can happen when
+.Nm
+fails to enable destructive actions because
+.Va security.bsd.allow_destructive_dtrace
+is set to
+.Ql 0
+in
+.Xr loader.conf 5 .
+.El
.Sh SEE ALSO
.Xr cpp 1 ,
.Xr dwatch 1 ,
