Re: kern.allowkmem in examples?
Yes, that is a lot better. The command could even suggest so upon runtime failure ...

> > On Mon, May 22, 2017 at 02:00:51PM +0200, Jan Stary wrote:
> > > acpidump(8) wants kern.allowkmem.
> > > Does it make sense to put that into examples sysctl.conf?
>
> On May 22 09:06:51, dera...@openbsd.org wrote:
> > No, in fact I want to kill that sysctl eventually, perhaps couple this
> > with securelevel=0, and never allow it otherwise.
>
> On May 22 14:09:57, sema...@online.fr wrote:
> > It should be rare to need to run acpidump(8) post-boot. The system
> > already runs it at startup and stock files under /var/db/acpi.
>
> On May 22 14:42:57, mark.kette...@xs4all.nl wrote:
> > The bootscript already runs acpidump and stores the results in /var/db/acpi.
> > So there is no reason to run acpidump.
>
> Should the manpage say so?
>
> Index: acpidump.8 > === > RCS file: /cvs/src/usr.sbin/acpidump/acpidump.8,v > retrieving revision 1.17 > diff -u -p -r1.17 acpidump.8 > --- acpidump.826 Sep 2016 19:58:26 - 1.17 > +++ acpidump.822 May 2017 17:41:03 - > @@ -71,9 +71,14 @@ requires the ability to open > which may be restricted based upon the value of the > .Ar kern.allowkmem > .Xr sysctl 8 . > +.Pp > +.Nm > +is run at startup and stores the results in > +.Pa /var/db/acpi . > .Sh FILES > .Bl -tag -width /dev/mem > .It Pa /dev/mem > +.It Pa /var/db/acpi > .El > .Sh SEE ALSO > .Xr pkg_add 1 , >
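Review bot: the paragraph added after the kern.allowkmem sentence says only that the command "is run at startup and stores the results in /var/db/acpi"; it does not say what runs it, and it stops short of the conclusion the replies reach, that the tables are already on disk so the sysctl rarely needs to be changed. Suggest naming the boot script and adding a sentence that points the reader to the stored files before they consider relaxing kern.allowkmem.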
Re: kern.allowkmem in examples?
> On Mon, May 22, 2017 at 02:00:51PM +0200, Jan Stary wrote:
> > acpidump(8) wants kern.allowkmem.
> > Does it make sense to put that into examples sysctl.conf?

On May 22 09:06:51, dera...@openbsd.org wrote:
> No, in fact I want to kill that sysctl eventually, perhaps couple this
> with securelevel=0, and never allow it otherwise.

On May 22 14:09:57, sema...@online.fr wrote:
> It should be rare to need to run acpidump(8) post-boot. The system
> already runs it at startup and stock files under /var/db/acpi.

On May 22 14:42:57, mark.kette...@xs4all.nl wrote:
> The bootscript already runs acpidump and stores the results in /var/db/acpi.
> So there is no reason to run acpidump.

Should the manpage say so?

Index: acpidump.8 === RCS file: /cvs/src/usr.sbin/acpidump/acpidump.8,v retrieving revision 1.17 diff -u -p -r1.17 acpidump.8 --- acpidump.8 26 Sep 2016 19:58:26 - 1.17 +++ acpidump.8 22 May 2017 17:41:03 - @@ -71,9 +71,14 @@ requires the ability to open which may be restricted based upon the value of the .Ar kern.allowkmem .Xr sysctl 8 . +.Pp +.Nm +is run at startup and stores the results in +.Pa /var/db/acpi . .Sh FILES .Bl -tag -width /dev/mem .It Pa /dev/mem +.It Pa /var/db/acpi .El .Sh SEE ALSO .Xr pkg_add 1 ,
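Review bot: in the FILES list, the added ".It Pa /var/db/acpi" entry carries no description and is longer than the "-width /dev/mem" argument on the ".Bl" line above it. Suggest adding a one-line description under the new tag (it is where the startup run stores its results, per the paragraph added earlier in the same hunk) and widening "-width" to the longest tag so the list lays out cleanly once descriptions are present.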
Re: kern.allowkmem in examples?
No, in fact I want to kill that sysctl eventually, perhaps couple this with securelevel=0, and never allow it otherwise. The days of kernel memory snooping are OVER.

> acpidump(8) wants kern.allowkmem.
> Does it make sense to put that into examples sysctl.conf?
>
> Jan
>
> Index: sysctl.conf > === > RCS file: /cvs/src/etc/examples/sysctl.conf,v > retrieving revision 1.4 > diff -u -p -r1.4 sysctl.conf > --- sysctl.conf 3 Apr 2015 15:50:28 - 1.4 > +++ sysctl.conf 22 May 2017 11:58:27 - > @@ -33,4 +33,5 @@ > #kern.nosuidcoredump=3 # 3=Put suid coredumps in > /var/crash/progname > #kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if > available > #kern.watchdog.auto=0# 0=Disable automatic watchdog(4) > retriggering > +#kern.allowkmem=1# 1=Allow e.g. acpidump to open /dev/kmem > #hw.allowpowerdown=0 # 0=Disable power button shutdown >
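Review bot: the comment on the added kern.allowkmem line says acpidump opens /dev/kmem, but the acpidump.8 hunk posted in this thread lists /dev/mem under FILES. Suggest making the comment name the same device the manual page does, or dropping the device name and describing the setting in terms of what it permits.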
Re: kern.allowkmem in examples?
> Date: Mon, 22 May 2017 14:00:51 +0200
> From: Jan Stary
>
> acpidump(8) wants kern.allowkmem.
> Does it make sense to put that into examples sysctl.conf?

I'm not necessarily against adding a kern.allowkmem entry, but acpidump is a bit of a bad example. The bootscript already runs acpidump and stores the results in /var/db/acpi. So there is no reason to run acpidump.

> Index: sysctl.conf > === > RCS file: /cvs/src/etc/examples/sysctl.conf,v > retrieving revision 1.4 > diff -u -p -r1.4 sysctl.conf > --- sysctl.conf 3 Apr 2015 15:50:28 - 1.4 > +++ sysctl.conf 22 May 2017 11:58:27 - > @@ -33,4 +33,5 @@ > #kern.nosuidcoredump=3 # 3=Put suid coredumps in > /var/crash/progname > #kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if > available > #kern.watchdog.auto=0# 0=Disable automatic watchdog(4) > retriggering > +#kern.allowkmem=1# 1=Allow e.g. acpidump to open /dev/kmem > #hw.allowpowerdown=0 # 0=Disable power button shutdown > >
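Review bot: the added "#kern.allowkmem=1" line sits between the watchdog and power button entries and its comment ("1=Allow e.g. acpidump to open /dev/kmem") reads like any other convenience toggle, with nothing to tell the reader that uncommenting it relaxes a restriction on kernel memory access. If the entry is kept, suggest the comment state that it lifts a restriction and that the default is the restricted setting.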
Re: kern.allowkmem in examples?
On Mon, May 22, 2017 at 02:00:51PM +0200, Jan Stary wrote:
> acpidump(8) wants kern.allowkmem.
> Does it make sense to put that into examples sysctl.conf?
>

It should be rare to need to run acpidump(8) post-boot. The system already runs it at startup and stock files under /var/db/acpi.

--
Sebastien Marie