From owner-freebsd-current  Fri Oct  4 07:30:41 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id HAA21829
          for current-outgoing; Fri, 4 Oct 1996 07:30:41 -0700 (PDT)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id HAA21824
          for <current@freebsd.org>; Fri, 4 Oct 1996 07:30:38 -0700 (PDT)
Received: by halloran-eldar.lcs.mit.edu; (5.65v3.2/1.1.8.2/19Aug95-0530PM)
	id AA18858; Fri, 4 Oct 1996 10:29:52 -0400
Date: Fri, 4 Oct 1996 10:29:52 -0400
From: Garrett Wollman <wollman@lcs.mit.edu>
Message-Id: <9610041429.AA18858@halloran-eldar.lcs.mit.edu>
To: Michael Hancock <michaelh@cet.co.jp>
Cc: current@freebsd.org
Subject: Re: Immutable flags (was: Re: WARNING: botched ld.so commit! :-()
In-Reply-To: <Pine.SV4.3.93.961004093100.20989C-100000@parkplace.cet.co.jp>
References: <9610031334.AA12862@halloran-eldar.lcs.mit.edu>
	<Pine.SV4.3.93.961004093100.20989C-100000@parkplace.cet.co.jp>
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

<<On Fri, 4 Oct 1996 09:48:10 +0900 (JST), Michael Hancock <michaelh@cet.co.jp> said:

>> sysctl -w kern.securelevel=0 #in /etc/rc.local

> How many deamons are running by the time you get to this line?

> This isn't satisfactory, I don't want the -1 to 0 window fullstop.

THERE IS NO OPERATIONAL DIFFERENCE BETWEEN -1 AND 0.  Period.

The ONLY difference is in what /sbin/init does AFTER /etc/rc is finished
executing.  This is all documented in the init(8) man page; there is
no excuse for you not reading it.

     -1    Permanently insecure mode - always run system in level 0 mode.

     0     Insecure mode - immutable and append-only flags may be turned off.
           All devices may be read or written subject to their permissions.

[...]

     Normally, the system runs in level 0 mode while single user and in level
     1 mode while multiuser.  If the level 2 mode is desired while running
     multiuser, it can be set in the startup script /etc/rc using sysctl(8).

> Why can't we export it like all the other BSDs?

Because it's a waste of effort any creates Yet Another Useless
Configuration Option.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, ANA, or NSA|                     - Susan Aglukark and Chad Irschick