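Hello FreeBSD community,

I have recently been playing with securelevel, and here is what I discovered: data has no chance of surviving a remote root compromise, except through backups of course. As the log below shows, with kern.securelevel=3 root can still create and destroy a GPT partition table and a ZFS pool on a disk. Maybe this log can serve as a proposal for raising securelevel further, or for adding securelevel support to the software that deals with ZFS and GEOM labels?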
root@tests:~ # sysctl kern.securelevel=3
kern.securelevel: -1 -> 3
root@tests:~ # gpart show ada3
gpart: No such geom: ada3.
root@tests:~ # gpart create -s gpt /dev/ada3
ada3 created
root@tests:~ # gpart add -t freebsd-zfs -l testdisk -a4k /dev/ada3
ada3p1 added
root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
          34           6        - free -  (3.0K)
          40  1953525088     1  freebsd-zfs  (932G)
  1953525128           7        - free -  (3.5K)

root@tests:~ # zpool create testpool /dev/gpt/testdisk
root@tests:~ # zpool status testpool
  pool: testpool
 state: ONLINE
  scan: none requested
config:

        NAME            STATE     READ WRITE CKSUM
        testpool        ONLINE       0     0     0
          gpt/testdisk  ONLINE       0     0     0

errors: No known data errors
root@tests:~ # zfs create testpool/test1
root@tests:~ # zfs list | grep test
system/test2     144K  1.78T   144K  none
testpool         150K   913G    32K  /testpool
testpool/test1    31K   913G    31K  /testpool/test1
root@tests:~ # zfs create testpool/test1
root@tests:~ # zpool destroy testpool
root@tests:~ # zpool status testpool
cannot open 'testpool': no such pool
root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
          34           6        - free -  (3.0K)
          40  1953525088     1  freebsd-zfs  (932G)
  1953525128           7        - free -  (3.5K)

root@tests:~ # gpart delete -i 1 /dev/ada3
ada3p1 deleted
root@tests:~ # gpart destroy /dev/ada3
ada3 destroyed
root@tests:~ # gpart show /dev/ada3
gpart: No such geom: /dev/ada3.
root@tests:~ # sysctl kern.securelevel
kern.securelevel: 3