From owner-freebsd-questions Wed Jun 6 4:17:52 2001 Delivered-To: freebsd-questions@freebsd.org Received: from router.darlow.co.uk (pc1-bigg2-0-cust221.lut.cable.ntl.com [62.255.179.221]) by hub.freebsd.org (Postfix) with ESMTP id C1C3837B403 for ; Wed, 6 Jun 2001 04:17:48 -0700 (PDT) (envelope-from neil@darlow.co.uk) Received: from ideal.darlow.co.uk (neil@ideal.darlow.co.uk [192.168.0.3]) by router.darlow.co.uk (8.11.1/8.11.1) with SMTP id f56BHkC62624 for ; Wed, 6 Jun 2001 12:17:47 +0100 (BST) (envelope-from neil@darlow.co.uk) From: Neil Darlow Date: Wed, 06 Jun 2001 11:17:46 GMT Message-ID: <20010606.11174600@ideal.darlow.co.uk> Subject: Disabling kern.securelevel? To: Questions X-Mailer: Mozilla/3.0 (compatible; StarOffice/5.2;Linux) X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, I understand the benefits of running with kern.securelevel > 0 but I am finding that it gets in the way when applying patches. Is there any way, other than reboot, to change kern.securelevel back to 0? I've been doing some security updates recently and I've had to do the following: 1) Disable securelevel in /etc/rc.conf 2) Reboot 3) Install patches (for files with schg set) 4) Enable securelevel in /etc/rc.conf 5) Reboot Two reboots seems excessive. I can understand the need to do one if libc or the kernel has been updated. Is there another way? Regards, Neil Darlow. -- 1024D/531F9048 1999-09-11 Neil Darlow Key fingerprint =3D 359D B8FF 6273 6C32 BEAA 43F9 E579 E24A 531F 9048 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message