From jin@adv-pc-1.lbl.gov  Wed Mar 19 10:24:31 1997
Received: from adv-pc-1.lbl.gov (adv-pc-1.lbl.gov [128.3.196.189])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA12440
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 19 Mar 1997 10:24:31 -0800 (PST)
Received: (from jin@localhost)
	by adv-pc-1.lbl.gov (8.8.5/8.8.5) id KAA03713;
	Wed, 19 Mar 1997 10:24:30 -0800 (PST)
Message-Id: <199703191824.KAA03713@adv-pc-1.lbl.gov>
Date: Wed, 19 Mar 1997 10:24:30 -0800 (PST)
From: "Jin Guojun[ITG]" <jin@adv-pc-1.lbl.gov>
Reply-To: jin@adv-pc-1.lbl.gov
To: FreeBSD-gnats-submit@freebsd.org
Subject: higher securelevel (>0) stops X server
X-Send-Pr-Version: 3.2

>Number:         3039
>Category:       kern
>Synopsis:       higher securelevel (>0) stops X server
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Mar 19 10:30:01 PST 1997
>Closed-Date:    Sat Aug 23 14:51:16 MEST 1997
>Last-Modified:  Sat Aug 23 14:53:08 MEST 1997
>Originator:     Jin Guojun[ITG]
>Release:        FreeBSD 2.2-RELEASE i386
>Organization:
>Environment:

	2.2-RELEASE only

>Description:

	In the 2.2-RELEASE, the X server cannot start if the security level
	is set higher than 0. It looks like the higher security level blocks
	the video or console access.

>How-To-Repeat:

	% sysctl -w kern.securelevel=1
	% startx
	xf86OpenConsole: KDENABIO failed

>Fix:
	
	

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: joerg 
State-Changed-When: Sat Aug 23 14:51:16 MEST 1997 
State-Changed-Why:  
That's not a bug but intention.  Securelevels would be fairly useless 
if raw port IO were allowed in higher securelevels. 

For a real fix, the entire Xserver model would have to be revamped, and 
needed to use kernel drivers specific for each card.  While this might 
in theory be possible with LKMs, it's nothing that is likely to happen 
anytime soon. 
>Unformatted:
