Date: Thu, 14 Dec 2000 12:04:59 -0500 (EST)
From: Darren Henderson <darren@bmv.state.me.us>
To: freebsd-stable@FreeBSD.ORG
Subject: securelevel and /etc/rc in 4.2S
Message-ID: <Pine.A41.4.21.0012141127510.24088-100000@katahdin.bmv.state.me.us>
In-Reply-To: <20001214152635.B16808@wiliam.alcove-int>

I have some (probably misplaced) confusion with the order things are
handled in...

/etc/rc executes /etc/rc.sysctl (which pulls in /etc/sysctl.conf); there is
a comment that says that "we want to set the sysctl variables as soon as we
can", which makes sense.

Quite a bit later, at the end of /etc/rc, we check to see if
kern_securelevel_enable has been enabled and if kern_securelevel -ge 0 then
set it accordingly.

/etc/defaults/rc.conf sets kern_securelevel_enabled to "NO" and
kern_securelevel to -1.

man init tells us that if securelevel is initially non-zero it's left alone,
otherwise it is raised to 1 before going multiuser.

As I recall, after an install an /etc/rc.conf is present that sets
kern_securelevel_enabled to "YES" and kern_securelevel to 1.

Now my confusion...

Shouldn't rc.sysctl be using the rc.conf kern_securelevel* settings instead
of waiting to set those at the end of rc? I think I can see where there
might be some conflicts if someone wants to run at 3 (unable to set firewall
rules etc.) as the network configuration takes place after rc.sysctl. But
that could be accommodated in rc.sysctl (if 3 wanted then don't set or set
to 2) and rc.firewall (if 3 wanted set it after the rules have been read).

Also, wouldn't it make more sense for /etc/defaults/rc.conf to at least set
"YES" and 0?

________________________________________________________________________
Darren Henderson
darren@bmv.state.me.us
darren.henderson@state.me.us
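
The boot-time decision the message walks through, modelled as a shell function. This is an added example, not FreeBSD's rc code and not part of the original e-mail. It assumes that init's raise from 0 to 1 happens after /etc/rc has finished and that the level is only ever raised; the sample files are constructed from the values the message quotes.

```shell
#!/bin/sh
# Added example: which securelevel does a machine end up at after boot?

# rc_value VAR FILE...
# Last assignment of VAR across the files wins, the way /etc/rc.conf
# overrides /etc/defaults/rc.conf. Parsed with sed, nothing is executed.
rc_value() {
    var=$1; shift
    sed -n "s/^[[:space:]]*${var}=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$@" |
        tail -n 1
}

# effective_securelevel KERNEL_INITIAL FILE...
effective_securelevel() {
    level=$1; shift
    enable=$(rc_value kern_securelevel_enable "$@")
    want=$(rc_value kern_securelevel "$@")

    # End of /etc/rc: act only when enabled and the requested level is >= 0.
    case $enable in
    [Yy][Ee][Ss])
        # Assumption: a request that would lower the level is ignored.
        if [ "${want:--1}" -ge 0 ] && [ "$want" -gt "$level" ]; then
            level=$want
        fi
        ;;
    esac

    # init, as quoted in the message: 0 becomes 1 before going multi-user,
    # any non-zero level is left alone. Assumed to run after /etc/rc.
    if [ "$level" -eq 0 ]; then
        level=1
    fi
    echo "$level"
}

# Constructed stand-ins for /etc/defaults/rc.conf and a post-install
# /etc/rc.conf, using the values the message reports.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'kern_securelevel_enable="NO"' 'kern_securelevel="-1"' > "$tmp/defaults"
printf '%s\n' 'kern_securelevel_enable="YES"' 'kern_securelevel="1"' > "$tmp/rc.conf"

echo "defaults only:     $(effective_securelevel -1 "$tmp/defaults")"
echo "with /etc/rc.conf: $(effective_securelevel -1 "$tmp/defaults" "$tmp/rc.conf")"
```

The first argument is the level the kernel starts with; -1 is used here because it is the value the shipped defaults leave untouched.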