gpart destroy, zpool destroy, zfs destroy under securelevel 3
Vladimir Sharun
atz at ukr.net
Mon May 26 13:49:02 UTC 2014
Hello FreeBSD community,
Recently I played with securelevel, and this is what I discovered: there is no chance for data to survive against remote root, except backups of course. Maybe this log can be a proposal for raising securelevel further, or for including securelevel support against the software which can deal with zfs and GEOM labels?
root@tests:~ # sysctl kern.securelevel=3
kern.securelevel: -1 -> 3
root@tests:~ # gpart show ada3
gpart: No such geom: ada3.
root@tests:~ # gpart create -s gpt /dev/ada3
ada3 created
root@tests:~ # gpart add -t freebsd-zfs -l testdisk -a4k /dev/ada3
ada3p1 added
root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
          34           6        - free -  (3.0K)
          40  1953525088     1  freebsd-zfs  (932G)
  1953525128           7        - free -  (3.5K)
root@tests:~ # zpool create testpool /dev/gpt/testdisk
root@tests:~ # zpool status testpool
  pool: testpool
 state: ONLINE
  scan: none requested
config:
        NAME            STATE     READ WRITE CKSUM
        testpool        ONLINE       0     0     0
          gpt/testdisk  ONLINE       0     0     0
errors: No known data errors
root@tests:~ # zfs create testpool/test1
root@tests:~ # zfs list | grep test
system/test2     144K  1.78T   144K  none
testpool         150K   913G    32K  /testpool
testpool/test1    31K   913G    31K  /testpool/test1
root@tests:~ # zfs create testpool/test1
root@tests:~ # zpool destroy testpool
root@tests:~ # zpool status testpool
cannot open 'testpool': no such pool
root@tests:~ # gpart show /dev/ada3
=>        34  1953525101  ada3  GPT  (932G)
          34           6        - free -  (3.0K)
          40  1953525088     1  freebsd-zfs  (932G)
  1953525128           7        - free -  (3.5K)
root@tests:~ # gpart delete -i 1 /dev/ada3
ada3p1 deleted
root@tests:~ # gpart destroy /dev/ada3
ada3 destroyed
root@tests:~ # gpart show /dev/ada3
gpart: No such geom: /dev/ada3.
root@tests:~ # sysctl kern.securelevel
kern.securelevel: 3