kern_securelevel & X11

Kevin Zheng kevinz5000 at gmail.com
Wed Jan 21 00:48:21 UTC 2015


Hi Sal,

Thanks for giving FreeBSD a whirl!

On 01/20/2015 01:56, unisal wrote:
> I have installed, successfully, FreeBSD 11.0 CURRENT (standard
> kernel) with MATE. All worked and IS working fine. 
> My idea was to satisfy basic needs : print, scan, web life (... why
> not all in the same time !). After same core-file which didn't affect
> the system, I tried to follow a BSDGuides- Hardening FreeBSD (2005 ??!).
> Almost all worked as expected but kern_securelevel in rc.conf gave me
> same troubles. As I said "I am a beginner". A quick look in the
> "main" book online in the main site and I understood my problem.
> In spite of the big red warning in the book, I opened a xterm and I
> wrote : sysctl kern_securelevel=0.
> I worked for a while and I decided to modify rc.conf: reboot and
> trouble. Again modified rc.conf as was before: all fine.

securelevel is a security mechanism implemented in the kernel that
enforces certain runtime restrictions. You can read more here:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#idp60127184

Setting kern_securelevel in '/etc/rc.conf' does not change the
securelevel of a running system, only the boot-time default.

> with the idea to crash the system I send a command: sysctl
> kern_securelevel=1.

If you want to raise the securelevel on a running system:
sysctl kern.securelevel=1

(Note the period instead of the underscore.)

Also keep in mind that funny things *might* happen when running Xorg on
a system with elevated securelevel. Xorg needs to access system memory,
which is denied at higher securelevels.

Best,
Kevin Zheng

-- 
Kevin Zheng
kevinz5000 at gmail.com | kevinz at kd0lgh.mooo.com | PGP: 0xC22E1090
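
The distinction drawn in the reply above, between the boot-time setting in rc.conf and the value held by the running kernel, can be checked with a short script. This is an added example, not part of the original message; the function names are hypothetical, and it assumes the rc.conf(5) variables kern_securelevel_enable and kern_securelevel are set in the file passed to it.

```sh
#!/bin/sh
# Added example (not from the original post): compare the boot-time
# securelevel in an rc.conf-style file with the running kernel's value.

# rc_value VAR FILE: print the last value assigned to VAR, quotes stripped.
rc_value() {
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$2" |
        tail -n 1
}

# boot_securelevel FILE: print the level rc.conf asks for at boot, or "off".
# Simplification: only a literal YES enables it, and only FILE is read.
boot_securelevel() {
    enable=$(rc_value kern_securelevel_enable "$1")
    level=$(rc_value kern_securelevel "$1")
    case "$enable" in
        [Yy][Ee][Ss]) [ -n "$level" ] && echo "$level" || echo "off" ;;
        *) echo "off" ;;
    esac
}

# securelevel_status FILE RUNNING: classify boot-time setting vs. running value.
securelevel_status() {
    boot=$(boot_securelevel "$1")
    if [ "$boot" = "off" ]; then
        echo "unmanaged: rc.conf sets no securelevel; kernel is at $2"
    elif [ "$boot" -eq "$2" ]; then
        echo "match: rc.conf and the kernel both say $2"
    elif [ "$boot" -gt "$2" ]; then
        echo "pending: rc.conf asks for $boot but the kernel is at $2 until reboot"
    else
        echo "runtime-raised: kernel is at $2; rc.conf asks for $boot at boot"
    fi
}

# On a FreeBSD host:
#   securelevel_status /etc/rc.conf "$(sysctl -n kern.securelevel)"
```

A "pending" result is the situation described in the reply: rc.conf has been edited, but the running kernel keeps its old value.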


More information about the freebsd-desktop mailing list