Stop ZFS/opensolaris from autoloading?

Vincent Hoffman-Kazlauskas vince at unsane.co.uk
Thu May 4 13:56:08 UTC 2017



On 01/05/2017 00:17, Dan Mahoney wrote:
> All,
> 
Hi,

> Short of renaming the modules (which breaks upgrades and is
> unpredictable) is there any easy way to stop a system from auto-loading
> the ZFS modules?
> 
> We've got some memory-constrained systems and the concept of "modules
> that load themselves" somewhat bugs me.

Reasonably enough. However, I think that the only way to do this without
deleting/renaming the kernel modules would be to set
kern_securelevel_enable=1   (or greater) in rc.conf or use
sysctl kern.securelevel=1
These are the same thing but adding to rc.conf makes it permanent.
Have a read of man 7 security, specifically the
"SECURING THE KERNEL CORE, RAW DEVICES, AND FILE SYSTEMS"
section first though as it does other things you may not want.
Also once you have set a secure mode you are stuck with it till reboot.

[root at vm ~]# sysctl kern.securelevel=1
kern.securelevel: -1 -> 1
[root at vm ~]# zpool status
internal error: failed to initialize ZFS library
[root at vm ~]# sysctl kern.securelevel=0
kern.securelevel: 1
sysctl: kern.securelevel=0: Operation not permitted

Vince

> 
> I'd rather "zpool status" (which is often called by things like Facter)
> simply return an error than load a kernel module that will never be used.
> 
> -Dan
> 
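
Added example, not part of the original message: a POSIX sh audit for the situation in this thread, reporting whether the ZFS modules are already loaded and whether the current securelevel would refuse a later autoload. The function names are hypothetical and the kldstat listings are constructed samples; it assumes a securelevel of 1 or higher refuses module loads, as the session above shows.

```shell
#!/bin/sh
# Audit: are the ZFS modules loaded, and could a later "zpool status" autoload them?
# Function names are hypothetical; the kldstat listings below are constructed samples.

# Exit 0 when the securelevel refuses module loads (>= 1), 2 on non-numeric input.
kld_loading_blocked() {
    case "$1" in
        ''|*[!0-9-]*) return 2 ;;
    esac
    [ "$1" -ge 1 ]
}

# Print zfs.ko / opensolaris.ko if they appear in the Name column of kldstat output.
loaded_zfs_modules() {
    printf '%s\n' "$1" | awk '$NF == "zfs.ko" || $NF == "opensolaris.ko" { print $NF }'
}

# audit LEVEL KLDSTAT_TEXT -> one-line verdict on stdout.
audit() {
    mods=$(loaded_zfs_modules "$2" | tr '\n' ' ')
    if [ -n "$mods" ]; then
        echo "LOADED: ${mods% }"
    elif kld_loading_blocked "$1"; then
        echo "BLOCKED: securelevel=$1, module loading refused until reboot"
    else
        echo "AUTOLOAD-POSSIBLE: securelevel=$1"
    fi
}

SAMPLE_CLEAN='Id Refs Address            Size     Name
 1    3 0xffffffff80200000 1fa7c38  kernel
 2    1 0xffffffff82421000 2328     ums.ko'

SAMPLE_ZFS='Id Refs Address            Size     Name
 1   10 0xffffffff80200000 1fa7c38  kernel
 2    1 0xffffffff821a9000 316708   zfs.ko
 3    2 0xffffffff824c0000 cb78     opensolaris.ko'

if [ "${1:-}" = "live" ]; then
    # On a FreeBSD host: read the real values.
    audit "$(sysctl -n kern.securelevel)" "$(kldstat)"
else
    audit -1 "$SAMPLE_CLEAN"
    audit 1 "$SAMPLE_CLEAN"
    audit -1 "$SAMPLE_ZFS"
fi
```

Run with the argument `live` on a FreeBSD host to audit the running kernel instead of the samples.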

