From owner-freebsd-security  Fri Jan  5 18: 7:33 2001
From owner-freebsd-security@FreeBSD.ORG  Fri Jan  5 18:07:31 2001
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from bazooka.unixfreak.org (bazooka.unixfreak.org [63.198.170.138])
	by hub.freebsd.org (Postfix) with ESMTP id BEEA337B402
	for <freebsd-security@freebsd.org>; Fri,  5 Jan 2001 18:07:31 -0800 (PST)
Received: by bazooka.unixfreak.org (Postfix, from userid 1000)
	id 7678E3E02; Fri,  5 Jan 2001 18:07:31 -0800 (PST)
Received: from unixfreak.org (localhost [127.0.0.1])
	by bazooka.unixfreak.org (Postfix) with ESMTP
	id 6FDC93C10A; Fri,  5 Jan 2001 18:07:31 -0800 (PST)
To: peter@sysadmin-inc.com
Cc: freebsd-security@freebsd.org
Subject: Re: changing kernsecurelevel 
In-Reply-To: Message from "Peter Brezny" <peter@sysadmin-inc.com> 
   of "Fri, 05 Jan 2001 20:49:21 PST." <001101c0779c$096cc260$46010a0a@sysadmininc.com> 
Date: Fri, 05 Jan 2001 18:07:26 -0800
From: Dima Dorfman <dima@unixfreak.org>
Message-Id: <20010106020731.7678E3E02@bazooka.unixfreak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> How can I change the sysctl kern.securelevel from 2 to -1 without rebooting
> the machine.

You can't.  The whole point of securelevel is that it can *never* be
lowered.

> How do i accomplish this without a reboot, or, if i am going at it all
> wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2?

You can't.  If this is such a problem, don't raise the securelevel.
Also take a look at
http://www.freebsd.org/FAQ/admin.html#KERNEL-CHFLAG-FAILURE.

					Dima Dorfman
					dima@unixfreak.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message