From: Marc Espie <marc.espie.openbsd@gmail.com>
Subject: examples/sysctl.conf
To: tech@openbsd.org
Date: Tue, 3 Dec 2024 12:08:06 +0100

I always forget about these when I need some instrumentation

Since the ddb knobs are already there, is there an issue to having
more "dangerous" sysctl(8)  that need to happen before securelevel in there ?
...

Index: sysctl.conf
===================================================================
RCS file: /build/data/openbsd/cvs/src/etc/examples/sysctl.conf,v
diff -u -p -r1.5 sysctl.conf
--- sysctl.conf	18 Sep 2019 08:39:06 -0000	1.5
+++ sysctl.conf	3 Dec 2024 11:06:31 -0000
@@ -25,6 +25,8 @@
 #ddb.panic=0			# 0=Do not drop into ddb on a kernel panic
 #ddb.console=1			# 1=Permit entry of ddb from the console
 #ddb.log=1			# 1=Log ddb output in kernel message buffer
+#kern.allowdt=1			# 1=Enable dtrace(8)
+#kern.allowkmem=1		# 1=Enable procmap(8)
 #fs.posix.setuid=0		# 0=Traditional BSD chown() semantics
 #vm.swapencrypt.enable=0	# 0=Do not encrypt pages that go to swap
 #vfs.nfs.iothreads=4		# Number of nfsio kernel threads