From owner-freebsd-questions Wed Jun 6 6: 9:21 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.the-i-pa.com (mail.the-i-pa.com [151.201.71.132]) by hub.freebsd.org (Postfix) with SMTP id 4BB6237B405 for ; Wed, 6 Jun 2001 06:09:18 -0700 (PDT) (envelope-from wmoran@iowna.com) Received: (qmail 93851 invoked from network); 6 Jun 2001 13:17:34 -0000 Received: from unknown (HELO iowna.com) (151.201.71.193) by mail.the-i-pa.com with SMTP; 6 Jun 2001 13:17:34 -0000 Message-ID: <3B1E2B00.97D75D0A@iowna.com> Date: Wed, 06 Jun 2001 09:07:12 -0400 From: Bill Moran X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Neil Darlow Cc: Questions Subject: Re: Disabling kern.securelevel? References: <20010606.11174600@ideal.darlow.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Neil Darlow wrote: > > Hi, > > I understand the benefits of running with kern.securelevel > 0 but > I am finding that it gets in the way when applying patches. > > Is there any way, other than reboot, to change kern.securelevel back > to 0? > > I've been doing some security updates recently and I've had to do > the following: > > 1) Disable securelevel in /etc/rc.conf > 2) Reboot > 3) Install patches (for files with schg set) > 4) Enable securelevel in /etc/rc.conf > 5) Reboot In addition to comments by others, you can skip the last reboot, since you can always *raise* the securelevel. In other words, after fixing /etc/rc.conf (or not, if you follow other's advice) you simply use sysctl to set kern.securelevel where you want it. -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message