Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 20 Jan 2015 18:48:18 -0600
From:      Kevin Zheng <kevinz5000@gmail.com>
To:        freebsd-desktop@freebsd.org
Subject:   Re: kern_securelevel & X11
Message-ID:  <54BEF752.3040204@gmail.com>
In-Reply-To: <20150120175601.36d9cedb@novaskorpio.net.net>
References:  <20150120175601.36d9cedb@novaskorpio.net.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hi Sal,

Thanks for giving FreeBSD a whirl!

On 01/20/2015 01:56, unisal wrote:
> I have installed, successfully, FreeBSD 11.0 CURRENT (standard
> kernel) with MATE. All worked and IS working fine. 
> My idea was to satisfy basic needs : print, scan, web life (... why
> not all in the same time !). After same core-file  which didn't affect
> the system, I tryed to follow a BSDGuides- Hardening FreeBSD (2005 ??!).
> Almost all worked as expected but kern_securelevel in rc.conf gave me
> same troubles. As I said "I am a beginner". A quick look in the
> "main" book online in the main site and I understood my problem.
> Inspite of the big red warning in the book, I opened a xterm and I
> wrote : sysctl kern_securelevel=0.
> I worked for a while and I decided to modify rc.conf: reboot and
> trouble. Again modified rc.conf as was before: all fine.

securelevel is a security mechanism implemented in the kernel that
enforces certain runtime restrictions. You can read more here:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#idp60127184

Setting kern_securelevel in '/etc/rc.conf' does not change the
securelevel of a running system, only the boot-time default.

> with the idea to crash the system I send a command: sysctl
> kern_securelevel=1.

If you want to raise the securelevel on a running system:
sysctl kern.securelevel=1

(Note the period instead of the underscore.)

Also keep in mind that funny things *might* happen when running Xorg on
a system with elevated securelevel. Xorg needs to access system memory,
which is denied at higher securelevels.

Best,
Kevin Zheng

-- 
Kevin Zheng
kevinz5000@gmail.com | kevinz@kd0lgh.mooo.com | PGP: 0xC22E1090

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54BEF752.3040204>