From owner-freebsd-desktop@FreeBSD.ORG Wed Jan 21 00:48:21 2015 Return-Path: Delivered-To: freebsd-desktop@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B581E48B for ; Wed, 21 Jan 2015 00:48:21 +0000 (UTC) Received: from mail-oi0-x22e.google.com (mail-oi0-x22e.google.com [IPv6:2607:f8b0:4003:c06::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7D64B7DA for ; Wed, 21 Jan 2015 00:48:21 +0000 (UTC) Received: by mail-oi0-f46.google.com with SMTP id a141so9368705oig.5 for ; Tue, 20 Jan 2015 16:48:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=6FYAQqXQx9sXCZh5Xn/IQNSagKLQxwY6oQ9dP8+mCTE=; b=K7x5jUArH/nSLG70jfZXJJeveT7nbWhH/0c8lwoN9w5R0u9rOgar0NZf54HvHtGP4K b45PU41ypYXQHqT/nBJoCyp3TRY9h7+AUWJTPMJvMN2SNL2PAE2/DrsGnQO9SNhmb77n fI2gVmSO/91JOGsz7c0lsuAJEUGC4rWWwwM+Q1GLOMBGGb+uOoNVB0/DhMrDHfsv4LsN z3Ta+qeCQD2fkkU+mCmP6YxLryUooGVfV6wP8Bk5gjeiu+Kt8VJ5WySJO5hglRSQceKT ZkSjmCeBhLXeNDO2PvkRMZTAp329OotoWmDV9Uklh6cROV9gy10Ig+e7bpbIwZyQC0o3 10qA== X-Received: by 10.60.144.194 with SMTP id so2mr23334215oeb.65.1421801300624; Tue, 20 Jan 2015 16:48:20 -0800 (PST) Received: from epsilon.local (99-13-115-50.lightspeed.stlsmo.sbcglobal.net. [99.13.115.50]) by mx.google.com with ESMTPSA id l200sm2582245oig.26.2015.01.20.16.48.19 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 20 Jan 2015 16:48:20 -0800 (PST) Message-ID: <54BEF752.3040204@gmail.com> Date: Tue, 20 Jan 2015 18:48:18 -0600 From: Kevin Zheng User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: freebsd-desktop@freebsd.org Subject: Re: kern_securelevel & X11 References: <20150120175601.36d9cedb@novaskorpio.net.net> In-Reply-To: <20150120175601.36d9cedb@novaskorpio.net.net> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-desktop@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Using and improving FreeBSD on the desktop List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2015 00:48:21 -0000 Hi Sal, Thanks for giving FreeBSD a whirl! On 01/20/2015 01:56, unisal wrote: > I have installed, successfully, FreeBSD 11.0 CURRENT (standard > kernel) with MATE. All worked and IS working fine. > My idea was to satisfy basic needs : print, scan, web life (... why > not all in the same time !). After same core-file which didn't affect > the system, I tryed to follow a BSDGuides- Hardening FreeBSD (2005 ??!). > Almost all worked as expected but kern_securelevel in rc.conf gave me > same troubles. As I said "I am a beginner". A quick look in the > "main" book online in the main site and I understood my problem. > Inspite of the big red warning in the book, I opened a xterm and I > wrote : sysctl kern_securelevel=0. > I worked for a while and I decided to modify rc.conf: reboot and > trouble. Again modified rc.conf as was before: all fine. securelevel is a security mechanism implemented in the kernel that enforces certain runtime restrictions. You can read more here: https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#idp60127184 Setting kern_securelevel in '/etc/rc.conf' does not change the securelevel of a running system, only the boot-time default. > with the idea to crash the system I send a command: sysctl > kern_securelevel=1. If you want to raise the securelevel on a running system: sysctl kern.securelevel=1 (Note the period instead of the underscore.) Also keep in mind that funny things *might* happen when running Xorg on a system with elevated securelevel. Xorg needs to access system memory, which is denied at higher securelevels. Best, Kevin Zheng -- Kevin Zheng kevinz5000@gmail.com | kevinz@kd0lgh.mooo.com | PGP: 0xC22E1090