From owner-freebsd-desktop@FreeBSD.ORG Tue Jan 20 07:56:07 2015
Date: Tue, 20 Jan 2015 17:56:01 +1000
From: unisal
To: freebsd-desktop@freebsd.org
Subject: kern_securelevel & X11
Message-ID: <20150120175601.36d9cedb@novaskorpio.net.net>
List-Id: Using and improving FreeBSD on the desktop

Hi all,

after my first experience with FreeBSD, I felt the necessity to exchange some experience ( ... and actually ask whoever is experienced). I have installed, successfully, FreeBSD 11.0 CURRENT (standard kernel) with MATE. All worked and IS working fine. My idea was to satisfy basic needs: print, scan, web life (... why not all at the same time!).
After some core-file which didn't affect the system, I tried to follow a BSDGuides - Hardening FreeBSD (2005 ??!). Almost all worked as expected but kern_securelevel in rc.conf gave me some troubles. As I said "I am a beginner". A quick look in the "main" book online on the main site and I understood my problem. In spite of the big red warning in the book, I opened an xterm and I wrote: sysctl kern_securelevel=0. I worked for a while and I decided to modify rc.conf: reboot and trouble. Again modified rc.conf as it was before: all fine.

With the idea to crash the system I sent a command: sysctl kern_securelevel=1. I have been working for 5 hours (stressing the system as much as possible). Has someone else had a similar experience? I wouldn't have expected any better. I have a long experience with GNU/Linux DEBIAN and I am not afraid to read; I really appreciate links or suggestions, hoping not to bore anyone.

Many Thanks to all in advance.

Sal.

From owner-freebsd-desktop@FreeBSD.ORG Wed Jan 21 00:48:21 2015
Date: Tue, 20 Jan 2015 18:48:18 -0600
From: Kevin Zheng
To: freebsd-desktop@freebsd.org
Subject: Re: kern_securelevel & X11
Message-ID: <54BEF752.3040204@gmail.com>
In-Reply-To: <20150120175601.36d9cedb@novaskorpio.net.net>

Hi Sal,

Thanks for giving FreeBSD a whirl!

On 01/20/2015 01:56, unisal wrote:
> I have installed, successfully, FreeBSD 11.0 CURRENT (standard
> kernel) with MATE. All worked and IS working fine.
> My idea was to satisfy basic needs: print, scan, web life (... why
> not all at the same time!). After some core-file which didn't affect
> the system, I tried to follow a BSDGuides - Hardening FreeBSD (2005 ??!).
> Almost all worked as expected but kern_securelevel in rc.conf gave me
> some troubles. As I said "I am a beginner". A quick look in the
> "main" book online on the main site and I understood my problem.
> In spite of the big red warning in the book, I opened an xterm and I
> wrote: sysctl kern_securelevel=0.
> I worked for a while and I decided to modify rc.conf: reboot and
> trouble. Again modified rc.conf as it was before: all fine.

securelevel is a security mechanism implemented in the kernel that
enforces certain runtime restrictions. You can read more here:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#idp60127184

Setting kern_securelevel in '/etc/rc.conf' does not change the
securelevel of a running system, only the boot-time default.

> With the idea to crash the system I sent a command: sysctl
> kern_securelevel=1.

If you want to raise the securelevel on a running system:

    sysctl kern.securelevel=1

(Note the period instead of the underscore.)

Also keep in mind that funny things *might* happen when running Xorg on
a system with elevated securelevel. Xorg needs to access system memory,
which is denied at higher securelevels.

Best,
Kevin Zheng

--
Kevin Zheng
kevinz5000@gmail.com | kevinz@kd0lgh.mooo.com | PGP: 0xC22E1090

From owner-freebsd-desktop@FreeBSD.ORG Wed Jan 21 07:40:08 2015
Date: Wed, 21 Jan 2015 17:39:57 +1000
From: unisal
To: freebsd-desktop@freebsd.org
Subject: Re: kern_securelevel & X11
Message-ID: <20150121173957.0f95b1f2@novaskorpio.net.net>
In-Reply-To: <54BEF752.3040204@gmail.com>

On Tue, 20 Jan 2015 18:48:18 -0600 Kevin Zheng wrote:

> Hi Sal,
>
> Thanks for giving FreeBSD a whirl!

Hi Kevin,

> Also keep in mind that funny things *might* happen when running Xorg
> on a system with elevated securelevel. Xorg needs to access system
> memory, which is denied at higher securelevels.

... yeah "*might* happen" but did not. Assuming that the final result is the same either modifying /etc/rc.conf or on the run (#sysctl ...), I have chosen the second because the first method did not let the kernel load the firmware for my graphics card. Anyway, just to live dangerously, I was using X11 (Office, Tor, Mail, CUPS, Xsane) trying to crash it, which didn't happen. For an unstable FreeBSD version it is not too bad. I simply thought to share this, aiming to create a howto for a Desktop FreeBSD version and attract more people toward FreeBSD.

> Best,
> Kevin Zheng

Cheers Kevin.

Sal
0x341A63CC

p.s.: Thanks Scott
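
Added example (not part of the thread and not code from either poster): Kevin's reply separates the boot-time securelevel set through rc.conf from the level of the running kernel, and the sh functions below make that difference visible by reading kern_securelevel_enable and kern_securelevel from an rc.conf-style file and comparing the result with a running level passed as an argument. The function names, the sample file and the sample levels are constructed for illustration, and treating a setting that is not enabled as level -1 is an assumption.

```sh
#!/bin/sh
# Added example: compare the securelevel rc.conf applies at boot with the
# securelevel of the running kernel. Sample file and levels are constructed.

# rc_value FILE NAME DEFAULT: print the last NAME=value assignment in FILE,
# without quotes or trailing comment; print DEFAULT when NAME is not set.
rc_value() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = $2; sub(/[ \t]*#.*/, "", v); gsub(/[ \t"]/, "", v); d = v }
        END { print d }' "$1"
}

# boot_securelevel FILE: level the rc scripts would set at boot. Assumption:
# when kern_securelevel_enable is not YES the kernel stays at -1.
boot_securelevel() {
    case "$(rc_value "$1" kern_securelevel_enable NO)" in
        [Yy][Ee][Ss]) rc_value "$1" kern_securelevel -1 ;;
        *) echo "-1" ;;
    esac
}

# securelevel_status FILE RUNNING: relate the running level to rc.conf.
#   running-higher: raised with sysctl after boot; a reboot returns to "boot"
#   running-lower:  rc.conf was edited but the system has not rebooted yet
securelevel_status() {
    boot=$(boot_securelevel "$1")
    if [ "$2" -gt "$boot" ]; then
        echo "running-higher: running=$2 boot=$boot"
    elif [ "$2" -lt "$boot" ]; then
        echo "running-lower: running=$2 boot=$boot"
    else
        echo "match: running=$2 boot=$boot"
    fi
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed rc.conf fragment
kern_securelevel_enable="YES"
kern_securelevel="1"   # boot-time default only
EOF
# On FreeBSD the second argument would be "$(sysctl -n kern.securelevel)".
securelevel_status "$sample" -1
rm -f "$sample"
```
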