You can't change the securelevel to anything lower without rebooting
the machine, but you can raise it. If you could lower it using some
userland command, it won't really be that secure, no?

From the securelevel manpage:

     The kernel runs with four different levels of security. Any super-user
     process can raise the security level, but no process can lower it.

The securelevel definitions are also on the same manpage.

Regards,
Erick

At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this:
:: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting
:: the machine.
::
:: I've run into problems installing new kernels with a kernelsecure level of
:: 2, but so far, the only way I've figured out to change the kernel secure
:: level is to modify rc.conf, changing the secure level and rebooting the
:: machine.
::
:: How do i accomplish this without a reboot, or, if i am going at it all
:: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2?
::
:: TIA
::
:: Peter Brezny
:: SysAdmin Services Inc.
::
::
::
:: To Unsubscribe: send mail to majordomoFreeBSD.org
:: with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]