Date: Wed, 6 Sep 2000 07:20:04 -0700 (PDT) From: Bruce Evans <bde@zeta.org.au> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/20974: securelevel not reset when going to single user mode Message-ID: <200009061420.HAA86805@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/20974; it has been noted by GNATS. From: Bruce Evans <bde@zeta.org.au> To: Sheldon Hearn <sheldonh@uunet.co.za> Cc: freebsd-gnats-submit@freebsd.org Subject: Re: bin/20974: securelevel not reset when going to single user mode Date: Thu, 7 Sep 2000 01:11:19 +1100 (EST) On Tue, 5 Sep 2000, Sheldon Hearn wrote: > On Tue, 05 Sep 2000 06:07:23 +1100, Bruce Evans wrote: > > > Some more updates are needed. > > As far as this PR is concerned, about the best improvement I can think > of for the securelevel misunderstanding is included below. I don't > think that the manual page is lacking right now, but this patch causes > it to state the situation explicitly. I meant something like the following: --- diff -c2 init.8~ init.8 *** init.8~ Thu Sep 7 01:04:21 2000 --- init.8 Thu Sep 7 01:06:54 2000 *************** *** 135,147 **** .El .Pp ! If the security level is initially -1, then .Nm leaves it unchanged. Otherwise, .Nm ! arranges to run the system in level 0 mode while single-user ! and in level 1 mode while multi-user. ! If level 2 mode is desired while running multi-user, ! it can be set while single-user, e.g., in the startup script .Pa /etc/rc , using --- 135,149 ---- .El .Pp ! If the security level is initially nonzero, then .Nm leaves it unchanged. Otherwise, .Nm ! raises the level to 1 before going multi-user for the first time. ! No process can reduce the level, so it will be at least 1 for ! subsequent operation, even on return to single-user. ! If a level higher than 1 is desired while running multi-user, ! it can be set while single-user for the first time, ! e.g., in the startup script .Pa /etc/rc , using --- Init no longer even attempts to lower the level, and the example of switching to level 2 rotted when we implemented level 3. Please improve my wording if possible. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009061420.HAA86805>