Date: Thu, 14 Dec 2000 15:12:11 -0500 From: Vivek Khera <khera@kciLink.com> To: Darren Henderson <darren@bmv.state.me.us> Cc: Gordon Tetlow <gordont@bluemtn.net>, freebsd-stable@FreeBSD.ORG Subject: Re: securelevel and /etc/rc in 4.2S Message-ID: <14905.10651.337010.841105@onceler.kciLink.com> In-Reply-To: <Pine.A41.4.21.0012141445100.17862-100000@katahdin.bmv.state.me.us> References: <Pine.BSF.4.05.10012141129420.8189-100000@sdmail0.sd.bmarts.com> <Pine.A41.4.21.0012141445100.17862-100000@katahdin.bmv.state.me.us>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "DH" == Darren Henderson <darren@bmv.state.me.us> writes: DH> I'm unclear on init's statement regarding raising from 0 to 1 DH> however, that must take place after rc finishes. Which rather DH> implies to me that to run at We had a big discussion about the man page a while back... It actually makes sense and describes the implementation correctly now. DH> This brings me back to /etc/defaults/rc.conf. Just seems like it DH> would be a lot more reasonable to have the relevant values set to DH> "YES" and 0 given the observed behavior with "NO" and -1 (ie DH> running at -1). But if you're running at securelevel >0, you cannot load kernel modules. This breaks stuff unless you pre-compile every feature you ever use into your kernel, or pre-load them at boot time. This is for things like vnconfig, etc., that load modules on demand. Personally, I run some machines at securelevel 2, and others at -1 just because of this. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D. Khera Communications, Inc. Internet: khera@kciLink.com Rockville, MD +1-240-453-8497 AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14905.10651.337010.841105>