From owner-freebsd-bugs Sun Mar 2 21:30:04 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA00518 for bugs-outgoing; Sun, 2 Mar 1997 21:30:04 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id VAA00512; Sun, 2 Mar 1997 21:30:02 -0800 (PST) Resent-Date: Sun, 2 Mar 1997 21:30:02 -0800 (PST) Resent-Message-Id: <199703030530.VAA00512@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, m-braithwaite@sjca.edu Received: from whorfin.sjca.edu (SHnubjtpsux51FWK93cedmTHF/BRIJ8G@whorfin.sjca.edu [199.89.180.2]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id VAA00465 for ; Sun, 2 Mar 1997 21:29:22 -0800 (PST) Received: from continuity.sjca.edu (slip-f.sjca.edu [199.89.180.254]) by whorfin.sjca.edu (8.8.5/8.8.5) with ESMTP id AAA18493 for ; Mon, 3 Mar 1997 00:29:14 -0500 (EST) Received: (mab@localhost) by continuity.sjca.edu (8.7.5/8.6.12) id AAA13107; Mon, 3 Mar 1997 00:30:36 -0500 (EST) Message-Id: <199703030530.AAA13107@continuity.sjca.edu> Date: Mon, 3 Mar 1997 00:30:36 -0500 (EST) From: mab@sjca.edu Reply-To: m-braithwaite@sjca.edu To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: docs/2850: init(8) man page does not document securelevel properly Sender: owner-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Number: 2850 >Category: docs >Synopsis: init(8) man page does not document securelevel properly >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 2 21:30:01 PST 1997 >Last-Modified: >Originator: Matt Braithwaite >Organization: Matt Braithwaite #!/bin/perl -s-- -export-a-crypto-system-sig -RSA-3-lines-PERL http:// $m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%Sa www.sjca.edu/ 2/d0Release: FreeBSD 2.1-STABLE i386 >Environment: true for -stable up to 2.1.7-RELEASE >Description: There are a couple problems with the documentation of kernel security levels: 1) The init(8) manual page states that the kernel boots at securelevel 0. This isn't true; by default it is set to -1. 2) The interface to changing the security level (editing /usr/src/sys/kern/kern_sysctl.h or something like that) is not documented. Also, the interface stinks, but this is supposed to be a doc bug. :-) 3) The manual page ought to warn that configuring a kernel to boot at securelevel 1 or 2 can cause autobooting to fail, because the kernel will not be able to do fsck on dirty filesystems. I speak from experience on this one. 4) Saying that securelevel can be raised to 2 in /etc/rc is a little vague. It ought to state at exactly what point in booting securelevel can be raised---like, say, right at the end. If you did it before the filesystem checks, things would be bad. That would be clueless of course, but... Really, there should be an /etc/sysconfig interface to securelevel; this would un-obfuscate things considerably. >How-To-Repeat: >Fix: >Audit-Trail: >Unformatted: