Index: sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
===================================================================
--- sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
+++ sys/cddl/contrib/opensolaris/uts/common/dtrace/dtrace.c
@@ -157,6 +157,10 @@
  * /etc/system.
  */
 int		dtrace_destructive_disallow = 0;
+#ifndef illumos
+/* Positive logic version of dtrace_destructive_disallow for loader tunable */
+int		dtrace_allow_destructive = 1;
+#endif
 dtrace_optval_t	dtrace_nonroot_maxsize = (16 * 1024 * 1024);
 size_t		dtrace_difo_maxsize = (256 * 1024);
 dtrace_optval_t	dtrace_dof_maxsize = (8 * 1024 * 1024);
Index: sys/cddl/dev/dtrace/dtrace_load.c
===================================================================
--- sys/cddl/dev/dtrace/dtrace_load.c
+++ sys/cddl/dev/dtrace/dtrace_load.c
@@ -52,6 +52,19 @@
 	int i;
 #endif
 
+#ifndef illumos
+	/*
+	 * DTrace uses negative logic for the destructive mode switch, so it
+	 * is required to translate from the sysctl which uses positive logic.
+	 */ 
+	TUNABLE_INT_FETCH("security.bsd.allow_destructive_dtrace",
+	    &dtrace_allow_destructive);
+	if (dtrace_allow_destructive)
+		dtrace_destructive_disallow = 0;
+	else
+		dtrace_destructive_disallow = 1;
+#endif
+
 	/* Hook into the trap handler. */
 	dtrace_trap_func = dtrace_trap;
 
Index: sys/cddl/dev/dtrace/dtrace_sysctl.c
===================================================================
--- sys/cddl/dev/dtrace/dtrace_sysctl.c
+++ sys/cddl/dev/dtrace/dtrace_sysctl.c
@@ -92,3 +92,6 @@
 
 SYSCTL_QUAD(_kern_dtrace, OID_AUTO, helper_actions_max, CTLFLAG_RW,
     &dtrace_helper_actions_max, 0, "maximum number of allowed helper actions");
+
+SYSCTL_INT(_security_bsd, OID_AUTO, allow_destructive_dtrace, CTLFLAG_RDTUN,
+    &dtrace_allow_destructive, 1, "Allow destructive mode DTrace scripts");