Date: Fri, 4 Oct 1996 10:29:52 -0400 From: Garrett Wollman <wollman@lcs.mit.edu> To: Michael Hancock <michaelh@cet.co.jp> Cc: current@freebsd.org Subject: Re: Immutable flags (was: Re: WARNING: botched ld.so commit! :-() Message-ID: <9610041429.AA18858@halloran-eldar.lcs.mit.edu> In-Reply-To: <Pine.SV4.3.93.961004093100.20989C-100000@parkplace.cet.co.jp> References: <9610031334.AA12862@halloran-eldar.lcs.mit.edu> <Pine.SV4.3.93.961004093100.20989C-100000@parkplace.cet.co.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 4 Oct 1996 09:48:10 +0900 (JST), Michael Hancock <michaelh@cet.co.jp> said: >> sysctl -w kern.securelevel=0 #in /etc/rc.local > How many deamons are running by the time you get to this line? > This isn't satisfactory, I don't want the -1 to 0 window fullstop. THERE IS NO OPERATIONAL DIFFERENCE BETWEEN -1 AND 0. Period. The ONLY difference is in what /sbin/init does AFTER /etc/rc is finished executing. This is all documented in the init(8) man page; there is no excuse for you not reading it. -1 Permanently insecure mode - always run system in level 0 mode. 0 Insecure mode - immutable and append-only flags may be turned off. All devices may be read or written subject to their permissions. [...] Normally, the system runs in level 0 mode while single user and in level 1 mode while multiuser. If the level 2 mode is desired while running multiuser, it can be set in the startup script /etc/rc using sysctl(8). > Why can't we export it like all the other BSDs? Because it's a waste of effort any creates Yet Another Useless Configuration Option. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9610041429.AA18858>