Date: Mon, 26 May 2014 16:31:36 +0300 From: Vladimir Sharun <atz@ukr.net> To: Current FreeBSD <freebsd-current@freebsd.org> Subject: gpart destroy, zpool destroy, zfs destroy under securelevel 3 Message-ID: <1401109957.895077023.n4pnr8ak@frv45.fwdcdn.com>
next in thread | raw e-mail | index | archive | help
Hello FreeBSD community, Recently plays with securelevel and what I discover: no chance for data to survive against remote root, except backups of course. Maybe this log can be a proposal for raising securelevel further or include securelevel support against the software which can deal with zfs and GEOM labels ? root@tests:~ # sysctl kern.securelevel=3 kern.securelevel: -1 -> 3 root@tests:~ # gpart show ada3 gpart: No such geom: ada3. root@tests:~ # gpart create -s gpt /dev/ada3 ada3 created root@tests:~ # gpart add -t freebsd-zfs -l testdisk -a4k /dev/ada3 ada3p1 added root@tests:~ # gpart show /dev/ada3 => 34 1953525101 ada3 GPT (932G) 34 6 - free - (3.0K) 40 1953525088 1 freebsd-zfs (932G) 1953525128 7 - free - (3.5K) root@tests:~ # zpool create testpool /dev/gpt/testdisk root@tests:~ # zpool status testpool pool: testpool state: ONLINE scan: none requested config: NAME STATE READ WRITE CKSUM testpool ONLINE 0 0 0 gpt/testdisk ONLINE 0 0 0 errors: No known data errors root@tests:~ # zfs create testpool/test1 root@tests:~ # zfs list | grep test system/test2 144K 1.78T 144K none testpool 150K 913G 32K /testpool testpool/test1 31K 913G 31K /testpool/test1 root@tests:~ # zfs create testpool/test1 root@tests:~ # zpool destroy testpool root@tests:~ # zpool status testpool cannot open 'testpool': no such pool root@tests:~ # gpart show /dev/ada3 => 34 1953525101 ada3 GPT (932G) 34 6 - free - (3.0K) 40 1953525088 1 freebsd-zfs (932G) 1953525128 7 - free - (3.5K) root@tests:~ # gpart delete -i 1 /dev/ada3 ada3p1 deleted root@tests:~ # gpart destroy /dev/ada3 ada3 destroyed root@tests:~ # gpart show /dev/ada3 gpart: No such geom: /dev/ada3. root@tests:~ # sysctl kern.securelevel kern.securelevel: 3
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1401109957.895077023.n4pnr8ak>