When I try to run dtruss on a command line program (freshclam) I see:
$ sudo dtruss -a /usr/local/bin/freshclam 2>&1 | tee ~/tmp/dtruss.out dtrace: system integrity protection is on, some features will not be available
dtrace: failed to execute /usr/local/bin/freshclam: DTrace cannot instrument translated processes
I did some research and found advice on how to enable dtrace use via running:
csrutil enable --without dtrace
in a terminal running in macOS recovery mode. When I do that I see a warning saying this is an unsupported configuration and that it will allow unsigned kernel modules to be loaded. This is not what I want, I just want to run dtruss on a program while keeping all the other SIP protections in place. Why can't I just use sudo to grant the privileges for dtrace to work? All of this has me wondering if Apple intends for developers to use dtruss/dtrace in the current macOS?