Date: Sun, 19 Nov 2006 00:32:55 -0500 From: Chuck Swiger <cswiger@mac.com> To: Darrel <levitch@iglou.com> Cc: questions@freebsd.org Subject: Re: system updates, as affected by securelevel Message-ID: <455FEC87.6030007@mac.com> In-Reply-To: <Pine.GSO.4.61.0611181618200.1912@shell1> References: <Pine.GSO.4.61.0611181618200.1912@shell1>
next in thread | previous in thread | raw e-mail | index | archive | help
Darrel wrote: > With OpenBSD securelevel=2 I can install a kernel, make build, and > install programs which are compiled using Systrace. > > What is the highest securelevel that I can configure on RELENG_6_2 > which will not affect compiling and installing; e.g., perhaps not > much local difference but having to reboot for a firewall change? > This installation is new and the AUDIT option will be in the kernel. securelevel = 0. Because the kernel is installed using the schg flag: if you have securelevel set to 1 or higher, you will not be able to over-write the kernel without rebooting into single-user mode. See "man init" for details. [ Of course, reinstalling the kernel and/or world is something which you are encouraged to do under single-user mode... ] -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?455FEC87.6030007>