rc.conf kld_list vs kern.securelevel

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

rc.conf kld_list vs kern.securelevel

Andreas Nilsson-8
Hello,

I recently configured a system where kern.securelevel=1 would be good, but
noticed that modules listed in kld_list in rc.conf is then not loaded.
Would it not be a good to either explicitly state that kld_list cannot be
used with kern.securelevel, or have kld run before sysctl?

Best regards
Andreas
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: rc.conf kld_list vs kern.securelevel

Allan Jude-9
On 2018-05-18 07:04, Andreas Nilsson wrote:

> Hello,
>
> I recently configured a system where kern.securelevel=1 would be good, but
> noticed that modules listed in kld_list in rc.conf is then not loaded.
> Would it not be a good to either explicitly state that kld_list cannot be
> used with kern.securelevel, or have kld run before sysctl?
>
> Best regards
> Andreas
> _______________________________________________
> [hidden email] mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "[hidden email]"
>
It would seem that kld_list would need to be loaded before sysctl run
anyway, since the sysctl you are trying to set might not exist until the
kernel modules are loaded. Is the securelevel actually set by the sysctl
service?

--
Allan Jude


signature.asc (851 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: rc.conf kld_list vs kern.securelevel

Andreas Nilsson-8
On Fri, May 18, 2018 at 3:48 PM, Allan Jude <[hidden email]> wrote:

> On 2018-05-18 07:04, Andreas Nilsson wrote:
> > Hello,
> >
> > I recently configured a system where kern.securelevel=1 would be good,
> but
> > noticed that modules listed in kld_list in rc.conf is then not loaded.
> > Would it not be a good to either explicitly state that kld_list cannot be
> > used with kern.securelevel, or have kld run before sysctl?
> >
> > Best regards
> > Andreas
> > _______________________________________________
> > [hidden email] mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> > To unsubscribe, send any mail to "[hidden email]"
> >
>
> It would seem that kld_list would need to be loaded before sysctl run
> anyway, since the sysctl you are trying to set might not exist until the
> kernel modules are loaded. Is the securelevel actually set by the sysctl
> service?
>
> --
> Allan Jude
>
> Hello

Seems I managed to send to wrong list :/

Yes, values from sysctl.conf are being applied, i guess by rc.d/sysctl
script, so that seems to work.

Adding # BEFORE: sysctl to rc.d/kld didn't help, does one have to do
anything special to reevaluate rc-script order?

Best regards
Andreas
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-jail
To unsubscribe, send any mail to "[hidden email]"