From owner-freebsd-security Tue Jan 9 1:47:12 2001 Delivered-To: freebsd-security@freebsd.org Received: from serenity.mcc.ac.uk (serenity.mcc.ac.uk [130.88.200.93]) by hub.freebsd.org (Postfix) with ESMTP id E94F137B400 for ; Tue, 9 Jan 2001 01:46:52 -0800 (PST) Received: from dogma.freebsd-uk.eu.org ([130.88.200.97]) by serenity.mcc.ac.uk with esmtp (Exim 2.05 #4) id 14FvMi-0008ur-00 for freebsd-security@freebsd.org; Tue, 9 Jan 2001 09:46:52 +0000 Received: (from rasputin@localhost) by dogma.freebsd-uk.eu.org (8.11.1/8.11.1) id f099kph24086 for freebsd-security@freebsd.org; Tue, 9 Jan 2001 09:46:51 GMT (envelope-from rasputin) Date: Tue, 9 Jan 2001 09:46:51 +0000 From: Rasputin To: freebsd-security@freebsd.org Subject: Running X in securelevels > 0 ? Message-ID: <20010109094651.A24037@dogma.freebsd-uk.eu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Morning all and Happy New Year. Has anyone managed to get X working in securelevel 1? I get errors when it tries to open /dev/io, which isn't that surprising (from man init): " 1 Secure mode - the system immutable and system append-only flags may not be turned off; disks for mounted filesystems, /dev/mem, and /dev/kmem may not be opened for writing; kernel modules (see kld(4)) may not be loaded or unloaded." But I was talking to an OpenBSD user over the weekend who said that 2.7 somehow manages to reserve access to certsain devices by running some kind of wrapper before the securelevel is used (although that may be bull). Has anybody managed this, or have any references for the OpenBSD way of doing it? Thanks. -- Rasputin Jack of All Trades :: Master of Nuns To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message