Date: Fri, 4 Oct 1996 10:29:52 -0400 From: Garrett Wollman <wollman@lcs.mit.edu> To: Michael Hancock <michaelh@cet.co.jp> Cc: current@freebsd.org Subject: Re: Immutable flags (was: Re: WARNING: botched ld.so commit! :-() Message-ID: <9610041429.AA18858@halloran-eldar.lcs.mit.edu> In-Reply-To: <Pine.SV4.3.93.961004093100.20989C-100000@parkplace.cet.co.jp> References: <9610031334.AA12862@halloran-eldar.lcs.mit.edu> <Pine.SV4.3.93.961004093100.20989C-100000@parkplace.cet.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 4 Oct 1996 09:48:10 +0900 (JST), Michael Hancock <michaelh@cet.co.jp> said:
>> sysctl -w kern.securelevel=0 #in /etc/rc.local
> How many deamons are running by the time you get to this line?
> This isn't satisfactory, I don't want the -1 to 0 window fullstop.
THERE IS NO OPERATIONAL DIFFERENCE BETWEEN -1 AND 0. Period.
The ONLY difference is in what /sbin/init does AFTER /etc/rc is finished
executing. This is all documented in the init(8) man page; there is
no excuse for you not reading it.
-1 Permanently insecure mode - always run system in level 0 mode.
0 Insecure mode - immutable and append-only flags may be turned off.
All devices may be read or written subject to their permissions.
[...]
Normally, the system runs in level 0 mode while single user and in level
1 mode while multiuser. If the level 2 mode is desired while running
multiuser, it can be set in the startup script /etc/rc using sysctl(8).
> Why can't we export it like all the other BSDs?
Because it's a waste of effort any creates Yet Another Useless
Configuration Option.
-GAWollman
--
Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9610041429.AA18858>