system updates, as affected by securelevel
Chuck Swiger
cswiger at mac.com
Sat Nov 18 21:33:01 PST 2006
Darrel wrote:
> With OpenBSD securelevel=2 I can install a kernel, make build, and
> install programs which are compiled using Systrace.
>
> What is the highest securelevel that I can configure on RELENG_6_2
> which will not affect compiling and installing; e.g., perhaps not
> much local difference but having to reboot for a firewall change?
> This installation is new and the AUDIT option will be in the kernel.
securelevel = 0.
Because the kernel is installed using the schg flag: if you have securelevel
set to 1 or higher, you will not be able to over-write the kernel without
rebooting into single-user mode. See "man init" for details.
[ Of course, reinstalling the kernel and/or world is something which you are
encouraged to do under single-user mode... ]
--
-Chuck
More information about the freebsd-questions
mailing list