dtrace.1: Document security.bsd.allow_destructive_dtrace

PR:		288284
Reviewed by:	bcr, markj
MFC after:	3 days
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D51633
This commit is contained in:
Mateusz Piotrowski
2025-08-01 17:23:20 +02:00
parent 04c8bba8c8
commit 1acfb873cf
+24 -1
View File
@@ -20,7 +20,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd July 16, 2025
.Dd July 30, 2025
.Dt DTRACE 1
.Os
.Sh NAME
@@ -537,6 +537,17 @@ option is not specified,
.Nm
does not permit the compilation or enabling of a D program that contains
destructive actions.
.Pp
Set the
.Va security.bsd.allow_destructive_dtrace
.Xr loader 8
tunable
to
.Ql 0
to disallow the possibility of enabling destructive actions system-wide at any point at all.
Any attempts to enable destructive actions will cause
.Nm
to exit with a runtime error.
.It Fl x Ar arg Op Ns = Ns value
Enable or modify a DTrace runtime option or D compiler option.
Boolean options are enabled by specifying their name.
@@ -1265,6 +1276,18 @@ failed or that the specified request could not be satisfied.
.It 2
Invalid command line options or arguments were specified.
.El
.Sh DIAGNOSTICS
.Bl -diag
.It dtrace: could not enable tracing: Permission denied
This can happen when
.Nm
fails to enable destructive actions because
.Va security.bsd.allow_destructive_dtrace
is set to
.Ql 0
in
.Xr loader.conf 5 .
.El
.Sh SEE ALSO
.Xr cpp 1 ,
.Xr dwatch 1 ,