From nobody Wed Aug 20 10:50:08 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c6NWh6RVmz64lhY; Wed, 20 Aug 2025 10:50:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4c6NWh4lyBz45My; Wed, 20 Aug 2025 10:50:08 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1755687008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AAx9VdBKDcWUzbFo3a2EQEeRKcF3J8+a9B/nB/Kdpig=; b=KduuoAjGlmJKwI2Wd2V2bQrwy67XXUpNzKWqBYzwowk7/3Hi+D3xK11TP19W+c9oRhqZPK fBJ5OSlH6jNIHJ/UXACaUR2himRs5A1GNDG3XU77dHR2EBb/JrZiP7xqlDyA2sVwDPSGo8 KJOY0VaPqD2ukOEHD8u4g3SIJROjQ8rpkRUlnXBAvxcDiZ+JrmL81fXI2ACXvm/P7qEM4q bobGvq3enxJbGlk/inT+4m4sBR+cdtQk4R+oTxn1/AI5kf4kYsqfAtYMzN/7M8n8vtAn4D FvYw8JpPE3GlcEm/CMJ67gh5iC4p+9C+uWHZNB04lP85O0Z/8rwul6+JzSSziA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1755687008; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=AAx9VdBKDcWUzbFo3a2EQEeRKcF3J8+a9B/nB/Kdpig=; b=eIHrHreOnEf1NCYj6p8+YBsxB+Rqgv2MnWLeujJssaB5JJywMngE3Zr9ebBfFXlaLVivV7 T/zkZxzbNlOozBPiSvsWRr/zeHPeozHKPugP/CUBfqtNVwNLa/SIiLuZhdwPmVJcIrOvkS d5LJ2l3CbvZr2okJETf/ZDO2oITAXngBgfd9UELBKRCIKB3kkbLBDWsRSLw5SqAqHFXY8f MjaZ6beIxSLx/UqbfHBkkrhPiIXHE0k1O+WTEi7KVZ1U754MsssExbGMONvQqOGvaVbJIK B11JmzuVfXiCU5KY18dzoE3D5f+SUWGM/kNjnhLqEaZj82RoZZtoxuhG3mnWRg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1755687008; a=rsa-sha256; cv=none; b=CMAheFdDJXfF0YgTN6RW2g2sJCFo0g80N41jKmY0QkES9QWExRPkpDXrb9OAsVICEWArQr uvn9tSiu/qrD0fBEXMglZxmPN3nGXIQIG9eVuFGoeAeAzzU0DHaeB2hBEt3+lRAC9lpur/ 5t0fwNMXyl50hSc4EQx2ZRQ9Vsgs01YmQckibXptncFfpj69epajB1H3/xfLZm9hdStJDM OK/Vfii9ZpctQ9xAC+4h1HkP73fXMc2U3XcNm1bls8il70sz7vaoRFLwc0oYSQZAaYbWPO RCGfKsJ8SQTBTecYfdBjaOC2ZjLN88gqlIVnxhdJdtl66mf8PBGeCQpWSks90Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4c6NWh4MHxz193W; Wed, 20 Aug 2025 10:50:08 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 57KAo88U062917; Wed, 20 Aug 2025 10:50:08 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 57KAo8JL062912; Wed, 20 Aug 2025 10:50:08 GMT (envelope-from git) Date: Wed, 20 Aug 2025 10:50:08 GMT Message-Id: <202508201050.57KAo8JL062912@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Mateusz Piotrowski <0mp@FreeBSD.org> Subject: git: e84d5425bf53 - stable/13 - dtrace.1: Document security.bsd.allow_destructive_dtrace List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: 0mp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: e84d5425bf533c61d00aaa8e52f505d328f4b02d Auto-Submitted: auto-generated The branch stable/13 has been updated by 0mp: URL: https://cgit.FreeBSD.org/src/commit/?id=e84d5425bf533c61d00aaa8e52f505d328f4b02d commit e84d5425bf533c61d00aaa8e52f505d328f4b02d Author: Mateusz Piotrowski <0mp@FreeBSD.org> AuthorDate: 2025-08-01 15:23:20 +0000 Commit: Mateusz Piotrowski <0mp@FreeBSD.org> CommitDate: 2025-08-20 10:49:10 +0000 dtrace.1: Document security.bsd.allow_destructive_dtrace PR: 288284 Reviewed by: bcr, markj MFC after: 3 days Sponsored by: Klara, Inc. Differential Revision: https://reviews.freebsd.org/D51633 (cherry picked from commit 1acfb873cf2e59f9ddf53602cbc67fa810c878a6) --- cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 index 609bf00655e7..a98d851b9998 100644 --- a/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 +++ b/cddl/contrib/opensolaris/cmd/dtrace/dtrace.1 @@ -20,7 +20,7 @@ .\" .\" $FreeBSD$ .\" -.Dd July 16, 2025 +.Dd July 30, 2025 .Dt DTRACE 1 .Os .Sh NAME @@ -517,6 +517,17 @@ option is not specified, .Nm does not permit the compilation or enabling of a D program that contains destructive actions. +.Pp +Set the +.Va security.bsd.allow_destructive_dtrace +.Xr loader 8 +tunable +to +.Ql 0 +to disallow the possibility of enabling destructive actions system-wide at any point at all. +Any attempts to enable destructive actions will cause +.Nm +to exit with a runtime error. .It Fl x Ar arg Op Ns = Ns value Enable or modify a DTrace runtime option or D compiler option. Boolean options are enabled by specifying their name. @@ -803,6 +814,18 @@ failed or that the specified request could not be satisfied. .It 2 Invalid command line options or arguments were specified. .El +.Sh DIAGNOSTICS +.Bl -diag +.It dtrace: could not enable tracing: Permission denied +This can happen when +.Nm +fails to enable destructive actions because +.Va security.bsd.allow_destructive_dtrace +is set to +.Ql 0 +in +.Xr loader.conf 5 . +.El .Sh SEE ALSO .Xr cpp 1 , .Xr dtrace_audit 4 ,