From owner-cvs-all  Thu Sep 10 00:34:23 1998
Return-Path: <owner-cvs-all>
Received: (from daemon@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id AAA18198
          for cvs-all-outgoing; Thu, 10 Sep 1998 00:34:23 -0700 (PDT)
          (envelope-from owner-cvs-all)
Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.15.68.22])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA18189;
          Thu, 10 Sep 1998 00:34:18 -0700 (PDT)
          (envelope-from bde@godzilla.zeta.org.au)
Received: (from bde@localhost)
	by godzilla.zeta.org.au (8.8.7/8.8.7) id RAA01859;
	Thu, 10 Sep 1998 17:34:09 +1000
Date: Thu, 10 Sep 1998 17:34:09 +1000
From: Bruce Evans <bde@zeta.org.au>
Message-Id: <199809100734.RAA01859@godzilla.zeta.org.au>
To: cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, jraynard@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc
Sender: owner-cvs-all@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>  Modified files:
>    etc                  rc 
>  Log:
>  Disable kernel_secure_level unless explicitly set in rc.conf.  Previously,
>  it was enabled unless explicitly unset, creating a pitfall for people
>  like me who upgraded /etc/rc without upgrading /etc/rc.conf.

The old code should have worked anyway, since it has two knobs (one
too many) - kern_securelevel_enable and kern_securelevel.  People who
upgraded /etc/rc without upgrading /etc/rc.conf should have had an unset
kern_securelevel, which should have prevented the kernel securelevel
bein set.  Why didn't it?

Bruce