Date: Fri, 5 Jan 2001 18:20:40 -0800 From: Erick Mechler <emechler@techometer.net> To: Peter Brezny <peter@sysadmin-inc.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: changing kernsecurelevel Message-ID: <20010105182040.A62789@techometer.net> In-Reply-To: <001101c0779c$096cc260$46010a0a@sysadmininc.com>; from Peter Brezny on Fri, Jan 05, 2001 at 08:49:21PM -0800 References: <001101c0779c$096cc260$46010a0a@sysadmininc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You can't change the securelevel to anything lower without rebooting
the machine, but you can raise it. If you could lower it using some
userland command, it won't really be that secure, no?
From the securelevel manpage:
The kernel runs with four different levels of security. Any super-user
process can raise the security level, but no process can lower it.
The securelevel definitions are also on the same manpage.
Regards,
Erick
At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this:
:: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting
:: the machine.
::
:: I've run into problems installing new kernels with a kernelsecure level of
:: 2, but so far, the only way I've figured out to change the kernel secure
:: level is to modify rc.conf, changing the secure level and rebooting the
:: machine.
::
:: How do i accomplish this without a reboot, or, if i am going at it all
:: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2?
::
:: TIA
::
:: Peter Brezny
:: SysAdmin Services Inc.
::
::
::
:: To Unsubscribe: send mail to majordomo@FreeBSD.org
:: with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010105182040.A62789>