From owner-freebsd-stable  Thu Dec 14 12:12:22 2000
From owner-freebsd-stable@FreeBSD.ORG  Thu Dec 14 12:12:19 2000
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from kci.kciLink.com (kci.kciLink.com [204.117.82.1])
	by hub.freebsd.org (Postfix) with ESMTP id 90C7237B400
	for <freebsd-stable@FreeBSD.ORG>; Thu, 14 Dec 2000 12:12:19 -0800 (PST)
Received: from yertle.kciLink.com (yertle.kciLink.com [208.184.13.195])
	by kci.kciLink.com (Postfix) with ESMTP
	id 0C672C9CA; Thu, 14 Dec 2000 15:12:19 -0500 (EST)
Received: from onceler.kciLink.com (onceler.kciLink.com [208.184.13.196])
	by yertle.kciLink.com (Postfix) with ESMTP
	id 76BD52E443; Thu, 14 Dec 2000 15:12:11 -0500 (EST)
Received: (from khera@localhost)
	by onceler.kciLink.com (8.11.1/8.11.1) id eBEKCB225632;
	Thu, 14 Dec 2000 15:12:11 -0500 (EST)
	(envelope-from khera)
From: Vivek Khera <khera@kciLink.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14905.10651.337010.841105@onceler.kciLink.com>
Date: Thu, 14 Dec 2000 15:12:11 -0500
To: Darren Henderson <darren@bmv.state.me.us>
Cc: Gordon Tetlow <gordont@bluemtn.net>, freebsd-stable@FreeBSD.ORG
Subject: Re: securelevel and /etc/rc in 4.2S
In-Reply-To: <Pine.A41.4.21.0012141445100.17862-100000@katahdin.bmv.state.me.us>
References: <Pine.BSF.4.05.10012141129420.8189-100000@sdmail0.sd.bmarts.com>
	<Pine.A41.4.21.0012141445100.17862-100000@katahdin.bmv.state.me.us>
X-Mailer: VM 6.86 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>>>> "DH" == Darren Henderson <darren@bmv.state.me.us> writes:

DH> I'm unclear on init's statement regarding raising from 0 to 1
DH> however, that must take place after rc finishes. Which rather
DH> implies to me that to run at

We had a big discussion about the man page a while back...  It actually
makes sense and describes the implementation correctly now.

DH> This brings me back to /etc/defaults/rc.conf. Just seems like it
DH> would be a lot more reasonable to have the relevant values set to
DH> "YES" and 0 given the observed behavior with "NO" and -1 (ie
DH> running at -1).

But if you're running at securelevel >0, you cannot load kernel
modules.  This breaks stuff unless you pre-compile every feature you
ever use into your kernel, or pre-load them at boot time.  This is for
things like vnconfig, etc., that load modules on demand.

Personally, I run some machines at securelevel 2, and others at -1
just because of this.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-240-453-8497
AIM: vivekkhera Y!: vivek_khera   http://www.khera.org/~vivek/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message