From owner-freebsd-questions  Sat Dec  2  7:46:10 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from draenor.org (draenor.org [196.36.119.129])
	by hub.freebsd.org (Postfix) with ESMTP id 7A32E37B400
	for <freebsd-questions@freebsd.org>; Sat,  2 Dec 2000 07:46:06 -0800 (PST)
Received: from marcs by draenor.org with local (Exim 3.16 #1)
	id 142ErM-000GGx-00; Sat, 02 Dec 2000 17:45:56 +0200
Date: Sat, 2 Dec 2000 17:45:56 +0200
From: Marc Silver <marcs@draenor.org>
To: Tomaz Izanc <tomaz@it-t.si>
Cc: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: kern.securelevel
Message-ID: <20001202174556.D51698@draenor.org>
References: <3A2901D2.E97FFA6E@it-t.si>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3A2901D2.E97FFA6E@it-t.si>; from tomaz@it-t.si on Sat, Dec 02, 2000 at 03:06:10PM +0100
X-Operating-System: FreeBSD 4.2-STABLE
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi there,

If you want to make your securelevel -1 then your line must look like
this in /etc/rc.conf

kern_securelevel="-1"

You then have to reboot as you can't go down a securelevel while a
machine is already at a higher level.  You will then be able to change
the immutable flag on the kernel.  :)

See the man page for init(8) which can provide you with more info.

Cheers,
Marc

On Sat, Dec 02, 2000 at 03:06:10PM +0100, Tomaz Izanc wrote:
> 
> hello!
> 
> How can I setup kern.securelevel to 0 or -1 ?
> in rc.conf i have setup :
> 
> kern_securelevel="0"
> kern_securelevel_enable="YES"
> 
> but nothing..
> bash-2.04$ sysctl kern.securelevel
> kern.securelevel: 1
> 
> and if I go to :
> shutdown now
> I have also kern.securelevel: 1
> .....
> why all this..
> I want to change flags for /kernel
> 
> su-2.04# chflags noschg /kernel
> chflags: /kernel: Operation not permitted
> su-2.04#
> 
> so if anyone has some words for me pls.
> brgd,
> Tomaz


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message