From owner-freebsd-current  Wed Oct  2 21:10:08 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id VAA27576
          for current-outgoing; Wed, 2 Oct 1996 21:10:08 -0700 (PDT)
Received: from parkplace.cet.co.jp (parkplace.cet.co.jp [202.32.64.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id VAA27566
          for <current@freebsd.org>; Wed, 2 Oct 1996 21:10:02 -0700 (PDT)
Received: from localhost (michaelh@localhost) by parkplace.cet.co.jp (8.8.0/CET-v2.1) with SMTP id EAA13382; Thu, 3 Oct 1996 04:09:43 GMT
Date: Thu, 3 Oct 1996 13:09:43 +0900 (JST)
From: Michael Hancock <michaelh@cet.co.jp>
To: Alex Nash <alex@fa.tdktca.com>
cc: Garrett Wollman <wollman@lcs.mit.edu>, current@freebsd.org
Subject: Re: Immutable flags (was: Re: WARNING: botched ld.so commit! :-()
In-Reply-To: <Pine.BSF.3.91.961002165125.28257V-100000@fa.tdktca.com>
Message-ID: <Pine.SV4.3.93.961003130518.13332A-100000@parkplace.cet.co.jp>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

On Wed, 2 Oct 1996, Alex Nash wrote:

> > /kernel is marked immutable.  I'd like to be able to configure systems
> > such that you can't change the flags unless you are in single user mode
> > even if you're root.
> 
> I believe you can do this by booting up with securelevel == 0 (as opposed
> to the default of -1).  When the system switches to multi-user mode, init
> upgrades securelevel to 1, preventing the immutable flags from being
> changed.  When downgraded to single-user mode, init changes securelevel
> back to 0, allowing you to alter the immutable flags. 

What am asking for is a kernel config file option so that I don't have to
repeatedly edit the source.

options		INITIAL_SECURE_LEVEL=0

Regards,


Mike Hancock