# is it a bug in stable about /dev/mem and /dev/kmem



## Raffeale (Jan 16, 2021)

today i checkout 12.2 stable src from svn , and compile world and kernel  and install it, i found there is a bug , when i run xfce with securelevel=2  in stable  , i can't start xfce , but if i use release i can start xfce .
what's going on? i got the Xorg.log
it's said /dev/mem can't open .

in the release i just start xfce without securelevel and reboot and open securelevel again , it okay , xfce could run very well. but in stable i found i cant run xfce ,the /dev/mem can't open!
 now i only start xfce without securelevel and open secureleve lin xfce.


----------



## shkhln (Jan 16, 2021)

is this a question


----------



## Raffeale (Jan 16, 2021)

yes ,it''s a question.
i don't know why the stable can't do that ,but release can run xwindows with securelevel?


----------



## shkhln (Jan 16, 2021)

it can''t ,next question


----------



## Raffeale (Jan 16, 2021)

maybe I am didn't describe my question in detail. 
i mean i can run xwindows with securelevel in release. i put kern_securelevel=2 ,i can start xfce ,when I reinstall kernel I have to remove that line in rx.conf and start xface ,i change rc.conf again to put kern_securelevel=2 into it and restart, it can start xfce with secure level.  but the stable can't do it.


----------



## Raffeale (Jan 16, 2021)

I remember someone said that the secure-level is run after xwindow


----------



## shkhln (Jan 16, 2021)

Raffeale said:


> maybe I am didn't describe my question in detail.


You have no idea. In Russian your situation would be typically called "a monkey with a grenade". Keep your hands off securelevel.



Raffeale said:


> i mean i can run xwindows with securelevel in release. i put kern_securelevel=2 ,i can start xfce ,when I reinstall kernel I have to remove that line in rx.conf and start xface ,i change rc.conf again to put kern_securelevel=2 into it and restart, it can start xfce with secure level.  but the stable can't do it.


It's not difficult to see that code wasn't touched in 8 years: https://github.com/freebsd/freebsd-...db2d8755f816eada/sys/dev/mem/memdev.c#L81-L88. You either mistyped something the first time (and your system wasn't doing what you thought it was doing) or this is due to a different video driver selection (not sure what and where accesses /dev/mem).


----------



## Raffeale (Jan 16, 2021)

you didn't answer my question.  I want to why stable can't run xwindow with securelevel but release can do it


----------



## Emrion (Jan 16, 2021)

Reading the doc you provided, shkhln, I found:


> /dev/kmem and /dev/mem (in addition to traditional file permission checks).
> PRIV_KMEM_READ is different from other PRIV_* checks in that it's allowed
> by default.


Maybe this default has changed for securelevel=2?


----------



## Raffeale (Jan 16, 2021)

Emrion said:


> Reading the doc you provided, shkhln, I found:
> 
> Maybe this default has changed for securelevel=2?


stable can't run with securelevel , there has different kernel code for stable and release ? I have just compiled release to buildworld and kernel, it can run xwindow with secure level. I just want to know  why  stable can't do that ? thanks for your answer


----------

