is it a bug in stable about /dev/mem and /dev/kmem

[Raffeale]

today i checkout 12.2 stable src from svn , and compile world and kernel and install it, i found there is a bug , when i run xfce with securelevel=2 in stable , i can't start xfce , but if i use release i can start xfce .
what's going on? i got the Xorg.log
it's said /dev/mem can't open .

in the release i just start xfce without securelevel and reboot and open securelevel again , it okay , xfce could run very well. but in stable i found i cant run xfce ,the /dev/mem can't open!
now i only start xfce without securelevel and open secureleve lin xfce.

 

[shkhln]

is this a question

 

[Raffeale]

yes ,it''s a question.
i don't know why the stable can't do that ,but release can run xwindows with securelevel?

 

[shkhln]

it can''t ,next question

 

[Raffeale]

maybe I am didn't describe my question in detail.
i mean i can run xwindows with securelevel in release. i put kern_securelevel=2 ,i can start xfce ,when I reinstall kernel I have to remove that line in rx.conf and start xface ,i change rc.conf again to put kern_securelevel=2 into it and restart, it can start xfce with secure level. but the stable can't do it.

 

[Raffeale]

I remember someone said that the secure-level is run after xwindow

 

[shkhln]

maybe I am didn't describe my question in detail.

You have no idea. In Russian your situation would be typically called "a monkey with a grenade". Keep your hands off securelevel.

i mean i can run xwindows with securelevel in release. i put kern_securelevel=2 ,i can start xfce ,when I reinstall kernel I have to remove that line in rx.conf and start xface ,i change rc.conf again to put kern_securelevel=2 into it and restart, it can start xfce with secure level. but the stable can't do it.

It's not difficult to see that code wasn't touched in 8 years: https://github.com/freebsd/freebsd-...db2d8755f816eada/sys/dev/mem/memdev.c#L81-L88. You either mistyped something the first time (and your system wasn't doing what you thought it was doing) or this is due to a different video driver selection (not sure what and where accesses /dev/mem).

 

[Raffeale]

you didn't answer my question. I want to why stable can't run xwindow with securelevel but release can do it

 

[Emrion]

Reading the doc you provided, shkhln, I found:

/dev/kmem and /dev/mem (in addition to traditional file permission checks).
PRIV_KMEM_READ is different from other PRIV_* checks in that it's allowed
by default.

Maybe this default has changed for securelevel=2?

 

[Raffeale]

Reading the doc you provided, shkhln, I found:

Maybe this default has changed for securelevel=2?

stable can't run with securelevel , there has different kernel code for stable and release ? I have just compiled release to buildworld and kernel, it can run xwindow with secure level. I just want to know why stable can't do that ? thanks for your answer