From owner-freebsd-jail@freebsd.org Fri May 18 14:16:03 2018 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 556B6EA988F for ; Fri, 18 May 2018 14:16:03 +0000 (UTC) (envelope-from andrnils@gmail.com) Received: from mail-lf0-x243.google.com (mail-lf0-x243.google.com [IPv6:2a00:1450:4010:c07::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AF38877E9C; Fri, 18 May 2018 14:16:02 +0000 (UTC) (envelope-from andrnils@gmail.com) Received: by mail-lf0-x243.google.com with SMTP id m17-v6so14197223lfj.8; Fri, 18 May 2018 07:16:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=x+RtSI6xznAWycMo4Qjr7uJAsfpXUQ0OwUxT+uZjkRk=; b=HLwC/IdIEMrHAb1roGrXGKELTdHfS1mIGElB7tqSrFElJS0V+HClYo4yhJF9hZ6+cX hp2ZH+DmnaWeC9vUUH8YKywXPGL3e3AHKVdwqEyysJQOe9lHk6T7Fs74QRxLs9RFuOZo xqR4NSOcGtkDNWV4K8JfhvSxVbwS75b4G5rkcJfqUne1/MvaQ8Gxjd9GpJd1qkDyShDl RreaPBfi9j6eQIDGQ/0H0bARIou7J1zR/CSoRurGYzK5b50Jjw4y+vSsfZbqf8fd739m lHiVmTw+Dui6Q2dihY9d2AkF7xCYByYLG/QcFtzbslTK758+sH81YMmsgE4PaWQHGPJ5 sy0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=x+RtSI6xznAWycMo4Qjr7uJAsfpXUQ0OwUxT+uZjkRk=; b=Xkxwh+avDmORiRg9MwMBirOkoqyRRDGNpB2QJACPzeRR7ZTF5cAB9tkcNeybBT88O2 GymBvnXY0wmoRoCybM4DzBHQmbihgw/vQEV0riEsL4JC0q7hdFe/v4aCoVoSnPhQEBZg QgIswxLH124Kd/f0eHJ1ygpX29cC3FQQDmkpJpMn0bIO74I3yABQhZeYrIOkybfN8wCo VcO+BTCa7vBaEaeFCfRJ8G9cnueaql8/wfZfx4dvH4O3h/d/AyvLVc8+B8N13HfoX/Tg nmiaOH/Dq8KdbUk2LJMoeHidXu9fZIU0mzCVz+OXM4uU7wm6n/SXdxJ1+V8dXlYDW9dI RvEA== X-Gm-Message-State: ALKqPwd6xz3mm9+Nvs+meEWKucFnEUE/HzaE60N7u8D3nlu2FkUJybuI lMvEX4JKhlgxTeEe9VydsDOmBZsZlClcPsJcqpA= X-Google-Smtp-Source: AB8JxZr75GRcubBoFHGsS5Q6VM56/Du8MDggZOzc2IGyL2AtDp9kAo1iHvgxWv5xWSncUEHfIBD65NqDKTA71U4SkOU= X-Received: by 2002:a2e:4949:: with SMTP id b9-v6mr6211024ljd.116.1526652960969; Fri, 18 May 2018 07:16:00 -0700 (PDT) MIME-Version: 1.0 Received: by 10.46.131.76 with HTTP; Fri, 18 May 2018 07:16:00 -0700 (PDT) In-Reply-To: References: From: Andreas Nilsson Date: Fri, 18 May 2018 16:16:00 +0200 Message-ID: Subject: Re: rc.conf kld_list vs kern.securelevel To: Allan Jude Cc: Mailinglists FreeBSD Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 May 2018 14:16:03 -0000 On Fri, May 18, 2018 at 3:48 PM, Allan Jude wrote: > On 2018-05-18 07:04, Andreas Nilsson wrote: > > Hello, > > > > I recently configured a system where kern.securelevel=1 would be good, > but > > noticed that modules listed in kld_list in rc.conf is then not loaded. > > Would it not be a good to either explicitly state that kld_list cannot be > > used with kern.securelevel, or have kld run before sysctl? > > > > Best regards > > Andreas > > _______________________________________________ > > freebsd-jail@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" > > > > It would seem that kld_list would need to be loaded before sysctl run > anyway, since the sysctl you are trying to set might not exist until the > kernel modules are loaded. Is the securelevel actually set by the sysctl > service? > > -- > Allan Jude > > Hello Seems I managed to send to wrong list :/ Yes, values from sysctl.conf are being applied, i guess by rc.d/sysctl script, so that seems to work. Adding # BEFORE: sysctl to rc.d/kld didn't help, does one have to do anything special to reevaluate rc-script order? Best regards Andreas