Date:      Wed, 7 Aug 1996 21:44:11 +0200
From:      roberto@keltia.freenix.fr (Ollivier Robert)
To:        freebsd-hackers@freebsd.org
Subject:   Re: Q:Meanings of kern.securelevel values
Message-ID:  <199608071944.VAA21484@keltia.freenix.fr>
In-Reply-To: <130FC92520A@netadmin.lp.lviv.ua>; from Adrian Pavlykevych on Aug 6, 1996 14:02:03 +0200
References:  	<130FC92520A@netadmin.lp.lviv.ua>

According to Adrian Pavlykevych:
> Can someone from kernel wizards list valid values for
> kern.securelevel, with their possible applications and implications?

Extract from init(8):

     process can raise the security level, but only init can lower it.  Secu-
     rity levels are defined as follows:

     -1    Permanently insecure mode - always run system in level 0 mode.

     0     Insecure mode - immutable and append-only flags may be turned off.
           All devices may be read or written subject to their permissions.

     1     Secure mode - immutable and append-only flags may not be changed;
           disks for mounted filesystems, /dev/mem, and /dev/kmem are read-
           only.

     2     Highly secure mode - same as secure mode, plus disks are always
           read-only whether mounted or not.  This level precludes tampering
           with filesystems by unmounting them, but also inhibits running
           newfs(8) while the system is multi-user.

     Normally, the system runs in level 0 mode while single user and in level
     1 mode while multiuser.  If the level 2 mode is desired while running
     multiuser, it can be set in the startup script /etc/rc using sysctl(8).
     If it is desired to run the system in level 0 mode while multiuser, the
     administrator must build a kernel with the variable securelevel defined
     in the file /sys/compile/MACHINE/param.c and initialize it to -1.

> installation (firewall, router) and what steps in OS configuration are
> necessary to use it (changing file permissions, immutable flags etc.).
 
-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #17: Fri Aug  2 20:40:17 MET DST 1996
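
The level rules in the init(8) extract above, turned into an audit helper. This is an added example, not part of the original message or of FreeBSD itself. Assumptions: the function names are hypothetical, the listing is constructed sample `ls -lo` output, and `schg`/`sappnd` are the system immutable and append-only flag names from chflags(1), which the extract does not spell out.

```shell
#!/bin/sh
# Added example: what a given kern.securelevel actually enforces.

# Constructed sample of `ls -lo` output (flags are the 5th column, "-" = none).
SAMPLE_LS='-r-xr-xr-x  1 root  wheel  schg    204800 Aug  2 1996 /sbin/init
-rw-r--r--  1 root  wheel  sappnd   51200 Aug  7 1996 /var/log/messages
-rw-r--r--  1 root  wheel  -         1024 Aug  7 1996 /etc/rc'

# effective_level LEVEL: -1 always runs the system in level 0 mode.
effective_level() {
    if [ "$1" -lt 0 ]; then echo 0; else echo "$1"; fi
}

# audit_flags LEVEL: read `ls -lo` lines on stdin and report, per file,
# whether its immutable/append-only flag can still be turned off.
# Assumes paths contain no spaces (the path is taken as the last field).
audit_flags() {
    lvl=$(effective_level "$1")
    while read -r mode links owner group flags rest; do
        path=${rest##* }
        case ",$flags," in
            *,schg,*|*,sappnd,*)
                # Level 0: flags may be turned off. Level 1 and up: they may not.
                if [ "$lvl" -ge 1 ]; then echo "$path locked"
                else echo "$path flag-removable"; fi ;;
            *)  echo "$path unflagged" ;;
        esac
    done
}

# disk_writable LEVEL MOUNTED(yes|no): may the disk device be written?
disk_writable() {
    lvl=$(effective_level "$1")
    if [ "$lvl" -ge 2 ]; then echo no                      # always read-only
    elif [ "$lvl" -eq 1 ] && [ "$2" = yes ]; then echo no   # mounted only
    else echo yes; fi               # still subject to device permissions
}

# Demo on the constructed listing: at level 0 the flags give no protection.
printf '%s\n' "$SAMPLE_LS" | audit_flags 0
```

On a live system the listing would come from `ls -lo` on the files of interest and the level from `sysctl -n kern.securelevel`.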