Date: Thu, 4 May 2017 14:56:00 +0100
From: Vincent Hoffman-Kazlauskas <vince@unsane.co.uk>
To: freebsd-questions@freebsd.org
Subject: Re: Stop ZFS/opensolaris from autoloading?
Message-ID: <89f7e963-56fe-11c0-d78a-cdb21d253cb1@unsane.co.uk>
In-Reply-To: <alpine.BSF.2.20.1704301614190.9510@prime.gushi.org>
References: <alpine.BSF.2.20.1704301614190.9510@prime.gushi.org>

On 01/05/2017 00:17, Dan Mahoney wrote:
> All,
>
Hi,
> Short of renaming the modules (which breaks upgrades and is
> unpredictable) is there any easy way to stop a system from auto-loading
> the ZFS modules?
>
> We've got some memory-constrained systems and the concept of "modules
> that load themselves" somewhat bugs me.

reasonably enough,
However I think that the only way to do this without deleting/renaming
the kernel modules would be to set
kern_securelevel_enable=1 (or greater) in rc.conf
or use
sysctl kern.securelevel=1
These are the same thing but adding to rc.conf makes it permanent.
Have a read of man 7 security, specifically the "SECURING THE KERNEL
CORE, RAW DEVICES, AND FILE SYSTEMS" section first though as it does
other things you may not want.
Also once you have set a secure mode you are stuck with it till reboot.

[root@vm ~]# sysctl kern.securelevel=1
kern.securelevel: -1 -> 1
[root@vm ~]# zpool status
internal error: failed to initialize ZFS library
[root@vm ~]# sysctl kern.securelevel=0
kern.securelevel: 1
sysctl: kern.securelevel=0: Operation not permitted

Vince

>
> I'd rather "zpool status" (which is often called by things like Facter)
> simply return an error than load a kernel module that will never be used.
>
> -Dan
>
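
Added example, not part of the original message: a pre-flight check to run before raising kern.securelevel, since at level 1 or higher no module can be loaded or unloaded until reboot. The kldstat sample and the module names passed in are constructed for illustration; only loadable .ko files are considered, not drivers compiled into the kernel.

```shell
#!/bin/sh
# Pre-flight check before raising kern.securelevel on a FreeBSD host.
# At securelevel >= 1 kernel modules can no longer be loaded or unloaded,
# so anything needed later must already appear in kldstat output.

# Constructed sample of `kldstat` output (not from the original message).
SAMPLE_KLDSTAT='Id Refs Address            Size     Name
 1    5 0xffffffff80200000 1f67a48  kernel
 2    1 0xffffffff82421000 2e2b0    if_bridge.ko
 3    1 0xffffffff82450000 a448     bridgestp.ko'

# modules_locked LEVEL: succeeds when module load/unload is blocked.
modules_locked() {
    [ "$1" -ge 1 ] 2>/dev/null
}

# loaded_modules: kldstat output on stdin, one module name per line on stdout.
loaded_modules() {
    awk 'NR > 1 && $5 != "kernel" { sub(/\.ko$/, "", $5); print $5 }'
}

# missing_modules KLDSTAT_TEXT NAME...: print required modules not yet loaded.
missing_modules() {
    kld=$1; shift
    have=$(printf '%s\n' "$kld" | loaded_modules)
    for m in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$m" || printf '%s\n' "$m"
    done
}

# preflight LEVEL KLDSTAT_TEXT NAME...: one-line summary for that level.
# "locked" with a non-empty missing list means those modules cannot be
# loaded until the next reboot.
preflight() {
    level=$1; kld=$2; shift 2
    missing=$(missing_modules "$kld" "$@" | tr '\n' ' ')
    if modules_locked "$level"; then
        echo "locked missing=${missing% }"
    else
        echo "unlocked missing=${missing% }"
    fi
}

# On a real host (module list is an assumption, adjust to what you need):
#   preflight "$(sysctl -n kern.securelevel)" "$(kldstat)" if_bridge pf
```

With zfs in the list, "locked missing=zfs" is the outcome the original poster asked for; any other name in the missing list is a module to load before the level is raised.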