4.1.3 Destructive Actions

Some DTrace actions are destructive, in that they change the state of the system in some well-defined way. Destructive actions may not be used unless they have been explicitly enabled. When using dtrace, you enable destructive actions by using the -w option. If you attempt to perform destructive actions without explicitly enabling them, dtrace fails with a message similar to the following:

dtrace: failed to enable 'syscall': destructive actions not allowed

Process-destructive actions are destructive only to a particular process. Whereas, kernel-destructive actions are destructive to the entire system. Therefore, these actions must be used extremely carefully, as such actions affect every process on the system and any other system, implicitly or explicitly, depending upon the affected system's network services.

The following information pertains to both process-destructive and kernel-destructive actions.