Re: securelevel 1

From: Paweł_Biernacki <kaktus_at_FreeBSD.org>
Date: Tue, 24 Oct 2023 11:08:37 UTC
Setting kern.securelevel to 1 makes the kernel to enforce the system-level immutable and append-only flags (see chflags(1/2)).
Unless you do something extra, syslogd will create new files without these flags and newsyslog will rotate them as expected.  

Hope that helps,
Paweł.


> On 24 Oct 2023, at 12:19, void <void@f-m.fm> wrote:
> 
> Hi,
> 
> I'd like to set append-only on an arm64 system running stable/14-n265566
> (so securelevel=1) but how would newsyslog(8) handle it? How will it rotate
> logs?
> 
> -- 
>