freebsd and securelevel question

Oliver Fromme olli at lurza.secnetix.de
Fri May 11 11:17:33 UTC 2007


Gót András <andrej at antiszoc.hu> wrote:
 > So. The simple question is: Why FreeBSD has securelevel 0 if init sets it
 > to 1, if it sees at boot that the level is 0? :) It's OK that it's in the
 > manual, but there are two default ways to set securelevel at boot time
 > also. I don't really get the point of this forced 0 to 1 changing.

The reason is so that /etc/rc and all of the related
startup scripts can run at level 0, which might be
necessary for various reasons, and afterwards the
level is autmatically increased to 1.

If you don't want that, you should leave the level
at the default of -1.

 > We'd like to use our machines with securelevel 0 by default, so I had
 > comment out the relevant two lines from init.c.

Uhm, could you please explain why you want to do that?
It doesn't make sense.

Note that level -1 behaves exactly the same as level 0
(i.e. no restrictions at all), the only difference is
that -1 prevents the automatic increase to level 1 when
the system goes multi-user.

So, if you want to run permanently without restrictions,
then you should leave the secure level at the default
value of -1.

It's all explained in the init(8) manual page.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Handelsregister: Registergericht Muenchen, HRA 74606,  Geschäftsfuehrung:
secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün-
chen, HRB 125758,  Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD-Dienstleistungen, -Produkte und mehr:  http://www.secnetix.de/bsd

"Documentation is like sex; when it's good, it's very, very good,
and when it's bad, it's better than nothing."
        -- Dick Brandon


More information about the freebsd-stable mailing list