From owner-freebsd-stable Thu Dec 14 11:35:34 2000 From owner-freebsd-stable@FreeBSD.ORG Thu Dec 14 11:35:32 2000 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from sdmail0.sd.bmarts.com (sdmail0.sd.bmarts.com [192.215.234.86]) by hub.freebsd.org (Postfix) with SMTP id 039F737B400 for ; Thu, 14 Dec 2000 11:35:32 -0800 (PST) Received: (qmail 29456 invoked by uid 1078); 14 Dec 2000 19:35:41 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 14 Dec 2000 19:35:41 -0000 Date: Thu, 14 Dec 2000 11:35:41 -0800 (PST) From: Gordon Tetlow X-Sender: gordont@sdmail0.sd.bmarts.com To: Darren Henderson Cc: freebsd-stable@FreeBSD.ORG Subject: Re: securelevel and /etc/rc in 4.2S In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 14 Dec 2000, Darren Henderson wrote: [snip] > Now my confussion... > > Shouldn't rc.sysctl be using the rc.conf kern_securelevel* settings instead > of waiting to set those at the end of rc? I think I can see where there > might be some conflicts if someone wants to run at 3 (unable to set firewall > rules etc) as the network configuration takes place after rc.sysctl. But > that could be accomedated in rc.sysctl (if 3 wanted then don't set or set to > 2) and rc.firewall (if 3 wanted set it after the rules have been read). I think the idea is that everything in /etc/rc* has free reign over the box (as it should) to configure everything and once the bootup is complete, we lock everything down tight. > Also, wouldn't it make more sense for /etc/defaults/rc.conf to at least set > "YES" and 0? Unless I'm missing something, "YES" and 0 is the same as "NO" and -1. -gordon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message