Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 6 Jun 2001 13:30:25 +0200 (CEST)
From:      Konrad Heuer <kheuer@gwdu60.gwdg.de>
To:        Neil Darlow <neil@darlow.co.uk>
Cc:        Questions <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Disabling kern.securelevel?
Message-ID:  <20010606132458.T1764-100000@gwdu60.gwdg.de>
In-Reply-To: <20010606.11174600@ideal.darlow.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help

On Wed, 6 Jun 2001, Neil Darlow wrote:

> I understand the benefits of running with kern.securelevel > 0 but
> I am finding that it gets in the way when applying patches.
>
> Is there any way, other than reboot, to change kern.securelevel back
> to 0?

No, the secure level can't be lowered. It would be nice to be able to
lower it in single user mode but I guess the kernel has no chance to
figure out without doubt whether the system is in single user mode or
not.

> I've been doing some security updates recently and I've had to do
> the following:
>
> 1) Disable securelevel in /etc/rc.conf
> 2) Reboot
> 3) Install patches (for files with schg set)
> 4) Enable securelevel in /etc/rc.conf
> 5) Reboot
>
> Two reboots seems excessive. I can understand the need to do one if
> libc or the kernel has been updated.
>
> Is there another way?

You don't kneed to change /etc/rc.conf. Reboot the system into single user
mode by rebooting and interrupting the boot countdown `Booting [kernel] in
=2E..  seconds ...' via pressing the space bar and enter the command:

=09boot -s

Mount all local file systems by

=09mount -a -t ufs

and apply the patches and type

=09exit

to start into multi user mode.

Konrad Heuer                                    Personal Bookmarks:
Gesellschaft f=FCr wissenschaftliche
   Datenverarbeitung mbH G=D6ttingen              http://www.freebsd.org
Am Fa=DFberg, D-37077 G=D6ttingen                   http://www.daemonnews.o=
rg
Deutschland (Germany)

kheuer@gwdu60.gwdg.de


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010606132458.T1764-100000>