Date: Tue, 20 Jan 2015 18:48:18 -0600 From: Kevin Zheng <kevinz5000@gmail.com> To: freebsd-desktop@freebsd.org Subject: Re: kern_securelevel & X11 Message-ID: <54BEF752.3040204@gmail.com> In-Reply-To: <20150120175601.36d9cedb@novaskorpio.net.net> References: <20150120175601.36d9cedb@novaskorpio.net.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Sal, Thanks for giving FreeBSD a whirl! On 01/20/2015 01:56, unisal wrote: > I have installed, successfully, FreeBSD 11.0 CURRENT (standard > kernel) with MATE. All worked and IS working fine. > My idea was to satisfy basic needs : print, scan, web life (... why > not all in the same time !). After same core-file which didn't affect > the system, I tryed to follow a BSDGuides- Hardening FreeBSD (2005 ??!). > Almost all worked as expected but kern_securelevel in rc.conf gave me > same troubles. As I said "I am a beginner". A quick look in the > "main" book online in the main site and I understood my problem. > Inspite of the big red warning in the book, I opened a xterm and I > wrote : sysctl kern_securelevel=0. > I worked for a while and I decided to modify rc.conf: reboot and > trouble. Again modified rc.conf as was before: all fine. securelevel is a security mechanism implemented in the kernel that enforces certain runtime restrictions. You can read more here: https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#idp60127184 Setting kern_securelevel in '/etc/rc.conf' does not change the securelevel of a running system, only the boot-time default. > with the idea to crash the system I send a command: sysctl > kern_securelevel=1. If you want to raise the securelevel on a running system: sysctl kern.securelevel=1 (Note the period instead of the underscore.) Also keep in mind that funny things *might* happen when running Xorg on a system with elevated securelevel. Xorg needs to access system memory, which is denied at higher securelevels. Best, Kevin Zheng -- Kevin Zheng kevinz5000@gmail.com | kevinz@kd0lgh.mooo.com | PGP: 0xC22E1090
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54BEF752.3040204>