ktrace: Describe CAPFAIL trace point in man page

Update the ktrace(1) man page to describe the recently improved capability failure tracing. Approved by: markj (mentor) Reviewed by: markj MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D44886
2026-06-09 08:43:19 -04:00 · 2024-04-23 19:25:16 -05:00 · 2024-04-23 19:25:16 -05:00 · 4f2ada0d88
commit 4f2ada0d88
parent a8acc2bf56
1 changed files with 18 additions and 2 deletions
--- a/usr.bin/ktrace/ktrace.1
+++ b/usr.bin/ktrace/ktrace.1
@ -25,7 +25,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 26, 2019
+.Dd April 20, 2024
 .Dt KTRACE 1
 .Os
 .Sh NAME
@ -151,6 +151,21 @@ The
 and
 .Ar command
 options are mutually exclusive.
+.Sh CAPABILITY VIOLATION TRACING
+When the
+.Cm p
+trace point is specified,
+.Nm
+will record
+.Xr capsicum 4
+capability mode violations made by the traced process.
+Violations will be logged regardless of whether the process has actually
+entered capability mode.
+.Pp
+For developers that are interested in Capsicumizing their programs, the
+.Cm c , n , p
+trace points can help quickly identify any system calls and path lookups that
+are triggering violations.
 .Sh EXAMPLES
 Run "make", then trace it and any child processes:
 .Dl $ ktrace -i make
@ -183,7 +198,8 @@ Disable tracing of all user-owned processes:
 .Xr kdump 1 ,
 .Xr truss 1 ,
 .Xr ktrace 2 ,
-.Xr utrace 2
+.Xr utrace 2 ,
+.Xr capsicum 4
 .Sh HISTORY
 The
 .Nm