FreeBSD 11.0



FreeBSD is a general purpose operating system which tends to get a lot of use on servers. FreeBSD has a well-earned reputation for stability and for making incremental updates rather than large, compatibility-breaking leaps. The latest release of FreeBSD is version 11.0. The new release features boot environments and support for guided installations on UFS and ZFS volumes. The project's updated system installer offers administrators a number of significant security features, including temporary file clean-up, memory protections, PID randomization and hidden user processes.



FreeBSD 11.0 is available for several architectures, including ARM and both 32-bit and 64-bit x86 processors. In some cases we also have a choice of download sizes. For example, we can download CD-sized ISO files or larger ISO files that can be copied to a DVD or USB thumb drive. I decided to download the CD-sized (654MB) ISO for 64-bit x86 machines. I also downloaded the USB stick edition which was about 700MB in size.



Booting from the project's installation media brings up a text console where we are presented with a series of menus. The first menu gives us the choice of launching the project's system installer or dropping to a command line. FreeBSD's installer shows us a series of text menus and walks us through selecting our keyboard layout and setting a hostname. We are asked if we would like to enable optional system components like debugging information, documentation, third-party ports, system source code and 32-bit compatibility. I decided to start by installing documentation, ports and 32-bit libraries. Next we are brought to the partitioning section. We can choose to drop to a command line, manually divide up our disk with a series of menu screens or take one of two guided options. The installer supports guided UFS and ZFS configurations. UFS is FreeBSD's traditional file system which is relatively lightweight while ZFS offers more features such as file system snapshots, software RAID and disk mirroring. I took the guided ZFS option. I was then given the chance to set the size of my swap partition, set up RAID or mirrors and name my ZFS storage. The installer supports working with either MBR or GPT disk layouts.



The installer then copies the FreeBSD operating system to our hard disk and proceeds to walk us through additional configuration steps. We are asked to create a password for the root account, configure our network card and select our time zone from a list. We can also enable background services like network time synchronization, kernel dumps and the OpenSSH secure shell server. We can also enable security options such as hiding processes from other users, randomizing PIDs and disabling the mail service. We can then add additional user accounts to the system. The installer concludes by offering us a chance to go back and change our setting options or download the FreeBSD Handbook. With the install completed, we can reboot the computer to start using our new copy of FreeBSD 11.0.
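A quick way to confirm after installation that the security options mentioned above are actually in place, shown as an added example that is not part of the original review. The sysctl and rc.conf names are FreeBSD's own settings for these features and are not listed in the review; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the hardening options described above. Read-only, so it
# can be pointed at copies of /etc/sysctl.conf and /etc/rc.conf.

# conf_value FILE KEY: print the last value assigned to KEY, quotes stripped.
conf_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # treat dots in names literally
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*#.*$//; s/^"//; s/"$//'
}

# check FILE KEY WANT: WANT is an exact value, or "nonzero" for any integer
# other than 0 (kern.randompid is a modulus; 0 turns randomization off).
check() {
    got=$(conf_value "$1" "$2")
    if [ "$3" = nonzero ]; then
        case "$got" in ''|0|*[!0-9]*) ok=1 ;; *) ok=0 ;; esac
    else
        ok=1; [ "$got" = "$3" ] && ok=0
    fi
    [ "$ok" -eq 0 ] && { echo "OK      $2=$got"; return 0; }
    echo "MISSING $2 (found '$got', want $3)"; return 1
}

# audit_hardening SYSCTL_CONF RC_CONF: exit status is the number of gaps.
audit_hardening() {
    missing=0
    for k in security.bsd.see_other_uids=0 security.bsd.see_other_gids=0 \
             kern.randompid=nonzero security.bsd.stack_guard_page=1; do
        check "$1" "${k%%=*}" "${k#*=}" || missing=$((missing + 1))
    done
    # rc.conf comparison is exact; other spellings of YES are not recognised here.
    check "$2" clear_tmp_enable YES || missing=$((missing + 1))
    check "$2" sendmail_enable NONE || missing=$((missing + 1))
    return "$missing"
}

# Constructed sample: processes hidden and /tmp cleaned, PID randomization off.
demo=$(mktemp -d)
printf '%s\n' 'security.bsd.see_other_uids=0' 'security.bsd.see_other_gids=0' \
    'kern.randompid=0' > "$demo/sysctl.conf"
printf '%s\n' 'clear_tmp_enable="YES"  # constructed' 'sshd_enable="YES"' \
    > "$demo/rc.conf"
audit_hardening "$demo/sysctl.conf" "$demo/rc.conf" || echo "$? setting(s) missing"
rm -rf "$demo"
```

Commented-out lines are ignored, so a setting that is present but disabled with `#` is reported as missing.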



I tried running FreeBSD 11.0 in two test environments, on a desktop computer and inside a VirtualBox virtual machine. FreeBSD worked fairly well as a VirtualBox guest. The system was quick to boot and ran smoothly. I did run into problems with my screen resolution which I will discuss later, but otherwise FreeBSD performed well in the virtual environment. The operating system did not work well with my desktop hardware. The installation media refused to boot at all when the desktop was in legacy BIOS mode. When I switched over to UEFI mode, the FreeBSD menu would show me a boot menu and then begin the boot process, but the operating system locked up while detecting hardware and failed to finish booting.



Booting the system begins by showing us the FreeBSD boot menu, which I will come back to later. The operating system then boots to a text console and presents us with a login prompt. We start off with a fairly minimal command line interface. We have access to the classic UNIX command line tools and manual pages. The system is quite light and fast, using around 100MB of memory when sitting at the command line. Later, when I had a desktop environment up and running, I found the operating system (with ZFS support and the Lumina desktop running) used about 430MB of RAM.



FreeBSD provides users with two methods of package management. The first, and probably most convenient for most users, is the pkg command line package manager. The pkg software manager offers a simple syntax for finding, installing, removing and upgrading applications. pkg has a syntax which is similar in style to APT on Debian and DNF on Fedora and works quickly. I found pkg worked well for me and I encountered no errors while using it. Alternatively, we can use FreeBSD's ports system to install third-party software. The ports collection provides recipes for installing and removing libraries and applications on FreeBSD. Since using ports means software is compiled from its source code on our system, using ports takes a good deal more time than using pkg, but it also means we can customize our software a little and tweak options. FreeBSD has a robust collection of ports and packages, with a little over 26,000 items available in the project's repositories.



FreeBSD keeps the core operating system logically separate from third-party packages. This means packages are generally located in different directories from the rest of the operating system and it means there are separate tools for upgrading and patching the operating system. To keep the core system up to date we use a tool called freebsd-update. I tried running the freebsd-update tool to check for new security updates, but ran into errors. Specifically, checking for updates would return the message, "Cannot identify running kernel". I also found the utility for checking the current version of the operating system, freebsd-version, would report it could not identify the running kernel. This seemed all the more strange because the uname command does correctly identify the running kernel.



One of the first things I wanted to do with FreeBSD was set up a desktop environment and a few applications. This required I install the Xorg packages and a preferred desktop. I decided to install Lumina, a fairly lightweight, Qt-based desktop. The Xorg software, Lumina and login manager (xdm) packages, when combined, made for a 960MB download. The FreeBSD Handbook has directions which explain which software needs to be installed and how to configure the services. I enabled the xdm display manager and made sure HAL and D-Bus were enabled as these are not set up for us automatically when the packages are installed. While I did get all the pieces in place, I ran into a few problems. For example, I could not sign into a desktop environment from the graphical login screen when the system booted and no error message was displayed. On the other hand, my user account was able to sign into the Lumina desktop environment by running startx from the command line.





FreeBSD 11.0 -- Running the Lumina desktop




Once I got signed into the desktop environment and started adding applications, I found my screen resolution was limited in the VirtualBox environment. The FreeBSD wiki has instructions for adding VirtualBox modules and improving display resolution. I tried the steps outlined in the wiki, but was unable to improve display resolution above 1024x768 pixels.



When I last experimented with FreeBSD 10.3, one of the features which held a lot of promise was boot environments. A boot environment uses file system snapshots to save the state of the operating system. We can then roll back the operating system to an earlier point in time. TrueOS and openSUSE both enable boot environments by default and it means if any package update or configuration change breaks the system, we can reboot to revert the change. FreeBSD 10.3 introduced boot environments and they worked while the system was running, but it was not possible to select alternative boot environments from the operating system's boot menu. This greatly reduced the effectiveness of boot environments as a rescue tool.



FreeBSD 11.0, when installed on a ZFS storage pool, should support boot environments, but I ran into a number of issues while trying to use them. The first thing the user needs to do is install the boot environment admin tool, beadm. Once beadm has been installed from the FreeBSD package repositories, we can try to create snapshots of our operating system. At first I was unable to get beadm to work. When attempting to create new snapshots beadm returned errors and reported there was no entropy file present.



A little poking around revealed that the /boot directory was just a symbolic link to a location which did not exist. I set up the missing /boot directory and was then able to create boot environments. However, then I ran into a few other problems. At start-up time, I was unable to select alternative boot environments from the boot menu as no snapshots were listed in the boot menu. Once the operating system was up and running, I was able to use beadm to set a specific snapshot to use the next time the system was restarted. Unfortunately, selecting any but the default boot environment would cause the system to fail to boot properly. FreeBSD could not connect to the network when booting alternative snapshots and failed to reach the login prompt. The only way I could find to restore the system to a working state was to boot in rescue mode and switch the active boot environment back to the default option.



Earlier I mentioned there was no /boot directory on my system when I started using it and this appeared to be related to a variety of other issues. The lack of /boot directory meant there was no /boot/loader.conf file, which meant early on I was unable to set certain system parameters, at least until I had manually created the /boot directory. I also ran into warnings when the system was starting that no entropy file was present and data could not be written to the /dev/random file, which I suspect meant my system was not safely generating random numbers. As I mentioned earlier, tools such as freebsd-update and freebsd-version were unable to detect my kernel version and I suspect this was related to the missing /boot directory. Though even after this directory had been created, these two programs still failed to work.





FreeBSD 11.0 -- Hiding other users' processes




Conclusions



There were definitely some attractive features in FreeBSD 11.0. I especially enjoyed the changes to the system installer. The ability to set up UFS and ZFS through a series of guided steps was a welcome feature. I also really appreciate that the installer will allow us to enable certain security features like PID randomization and hiding the processes of other users. Linux distributions allow the administrator to set these options, but they often require digging through documentation and setting cryptic variables from the command line. FreeBSD makes enabling these features as straightforward as checking a box during the initial installation.



I also like how pkg has progressed. I think it has become faster in the past year or two and handled dependencies better than it did when the new package manager was introduced. In addition, FreeBSD's documentation is as good as ever, though I feel it has become more scattered. There were times I would find what I wanted in the Handbook, but other times I had to switch to the wiki or dig through a man page. The information is out there, but it can take some searching to find.



Other aspects of running FreeBSD were more disappointing. For example, I had hoped to find boot environments working and accessible from the boot menu. However, progress seems to have reversed in this area as switching boot environments prevented the system from loading. There were some other issues, for example I was unable to log in from the graphical login screen, but I could access the Lumina desktop by signing into my account from the command line and launching an X session.



Hardware was a weak point in my experiment. FreeBSD did not work on my desktop machine at all in BIOS mode and failed to boot from installation media in UEFI mode. When running in a VirtualBox environment, the operating system did much better. FreeBSD was able to boot, play sound and run smoothly, but screen resolution was limited, even after VirtualBox modules had been installed and enabled.



Perhaps my biggest concern though while using FreeBSD 11.0 was that I could not update the base operating system, meaning it would be difficult to keep the system patched against security updates. Even once I had manually created a /boot directory to fix the boot environment creation issue, freebsd-update and freebsd-version continued to fail to detect the running kernel. This leaves the system vulnerable and means our best chance for keeping up with security updates is to manually install them from source code, not an ideal situation.



All in all, FreeBSD 11.0 does have some interesting new features, but it also has several bugs which make me want to hold off on using the operating system until a point release has been made available to fix the existing issues.

* * * * *

Hardware used in this review



My physical test equipment for this review was a desktop HP Pavilion p6 Series with the following specifications:

Processor: Dual-core 2.8GHz AMD A4-3420 APU

Storage: 500GB Hitachi hard drive

Memory: 6GB of RAM

Networking: Realtek RTL8111 wired network card

Display: AMD Radeon HD 6410D video card