From owner-freebsd-bugs Wed Sep 6 7:20: 6 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 350C537B422 for ; Wed, 6 Sep 2000 07:20:04 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id HAA86805; Wed, 6 Sep 2000 07:20:04 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Date: Wed, 6 Sep 2000 07:20:04 -0700 (PDT)
Message-Id: <200009061420.HAA86805@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc:
From: Bruce Evans
Subject: Re: bin/20974: securelevel not reset when going to single user mode
Reply-To: Bruce Evans
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR bin/20974; it has been noted by GNATS.

From: Bruce Evans
To: Sheldon Hearn
Cc: freebsd-gnats-submit@freebsd.org
Subject: Re: bin/20974: securelevel not reset when going to single user mode
Date: Thu, 7 Sep 2000 01:11:19 +1100 (EST)

On Tue, 5 Sep 2000, Sheldon Hearn wrote:

> On Tue, 05 Sep 2000 06:07:23 +1100, Bruce Evans wrote:
>
> > Some more updates are needed.
>
> As far as this PR is concerned, about the best improvement I can think
> of for the securelevel misunderstanding is included below. I don't
> think that the manual page is lacking right now, but this patch causes
> it to state the situation explicitly.

I meant something like the following:

--- diff -c2 init.8~ init.8 *** init.8~ Thu Sep 7 01:04:21 2000 --- init.8 Thu Sep 7 01:06:54 2000 *************** *** 135,147 **** .El .Pp ! If the security level is initially -1, then .Nm leaves it unchanged. Otherwise, .Nm ! arranges to run the system in level 0 mode while single-user ! and in level 1 mode while multi-user. ! If level 2 mode is desired while running multi-user, ! it can be set while single-user, e.g., in the startup script .Pa /etc/rc , using --- 135,149 ---- .El .Pp ! 
If the security level is initially nonzero, then .Nm leaves it unchanged. Otherwise, .Nm ! raises the level to 1 before going multi-user for the first time. ! No process can reduce the level, so it will be at least 1 for ! subsequent operation, even on return to single-user. ! If a level higher than 1 is desired while running multi-user, ! it can be set while single-user for the first time, ! e.g., in the startup script .Pa /etc/rc , using ---

Init no longer even attempts to lower the level, and the example of
switching to level 2 rotted when we implemented level 3.

Please improve my wording if possible.

Bruce
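
Review bot: the new sentence "so it will be at least 1 for subsequent operation" in the 135,149 side reads as unconditional, but the first changed sentence says init leaves an initially nonzero level unchanged, and "nonzero" includes the -1 that the old text named explicitly, so a system that starts at -1 stays at -1. Suggest tying the claim to the "Otherwise" case, for example "Once raised, no process can reduce the level, ...", and keeping an explicit mention of -1 next to "nonzero" so that value is still called out for readers. The phrase "it can be set while single-user for the first time" is also awkward beside "before going multi-user for the first time"; wording such as "before the first transition to multi-user" would say the same thing more directly.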