Date: Sun, 13 Jan 2013 06:21:55 +0000 (UTC) From: Eitan Adler <eadler@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r40606 - head/en_US.ISO8859-1/books/faq Message-ID: <201301130621.r0D6LtA5034885@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: eadler Date: Sun Jan 13 06:21:55 2013 New Revision: 40606 URL: http://svnweb.freebsd.org/changeset/doc/40606 Log: Update and clarify the securelevel question. Approved by: bcr (mentor) Modified: head/en_US.ISO8859-1/books/faq/book.xml Modified: head/en_US.ISO8859-1/books/faq/book.xml ============================================================================== --- head/en_US.ISO8859-1/books/faq/book.xml Sun Jan 13 06:19:54 2013 (r40605) +++ head/en_US.ISO8859-1/books/faq/book.xml Sun Jan 13 06:21:55 2013 (r40606) @@ -6538,13 +6538,12 @@ Key F15 A A Menu Wo </question> <answer> - <para>The securelevel is a security mechanism implemented in - the kernel. Basically, when the securelevel is positive, the + <para><literal>securelevel</literal> is a security + mechanism implemented in the kernel. When the securelevel + is positive, the kernel restricts certain tasks; not even the superuser - (i.e., <username>root</username>) is allowed to do them. At - the time of this writing, the securelevel mechanism is - capable of, among other things, limiting the ability - to:</para> + (i.e., <username>root</username>) is allowed to do them. + The securelevel mechanism limits the ability to:</para> <itemizedlist> <listitem> @@ -6571,17 +6570,15 @@ Key F15 A A Menu Wo <para>To check the status of the securelevel on a running system, simply execute the following command:</para> - <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen> + <screen>&prompt.root; <userinput>sysctl -n kern.securelevel</userinput></screen> - <para>The output will contain the name of the &man.sysctl.8; - variable (in this case, <varname>kern.securelevel</varname>) - and a number. The latter is the current value of the + <para>The output contains the current value of the securelevel. If it is positive (i.e., greater than 0), at least some of the securelevel's protections are enabled.</para> - <para>You cannot lower the securelevel of a running system; - being able to do that would defeat its purpose. If you need + <para>The securelevel of a running system can not be + lowered as this would defeat its purpose. If you need to do a task that requires that the securelevel be non-positive (e.g., an <maketarget>installworld</maketarget> or changing the date), you will have to change the @@ -6618,12 +6615,8 @@ Key F15 A A Menu Wo mailing lists, particularly the &a.security;. Please search the archives <ulink url="&url.base;/search/index.html">here</ulink> for an - extensive discussion. Some people are hopeful that - securelevel will soon go away in favor of a more - fine-grained mechanism, but things are still hazy in this - respect.</para> - - <para>Consider yourself warned.</para> + extensive discussion. A more fine-grained mechanism + is preffered.</para> </warning> </answer> </qandaentry>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201301130621.r0D6LtA5034885>