Date: Wed, 6 Jun 2001 13:30:25 +0200 (CEST) From: Konrad Heuer <kheuer@gwdu60.gwdg.de> To: Neil Darlow <neil@darlow.co.uk> Cc: Questions <freebsd-questions@FreeBSD.ORG> Subject: Re: Disabling kern.securelevel? Message-ID: <20010606132458.T1764-100000@gwdu60.gwdg.de> In-Reply-To: <20010606.11174600@ideal.darlow.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 6 Jun 2001, Neil Darlow wrote: > I understand the benefits of running with kern.securelevel > 0 but > I am finding that it gets in the way when applying patches. > > Is there any way, other than reboot, to change kern.securelevel back > to 0? No, the secure level can't be lowered. It would be nice to be able to lower it in single user mode but I guess the kernel has no chance to figure out without doubt whether the system is in single user mode or not. > I've been doing some security updates recently and I've had to do > the following: > > 1) Disable securelevel in /etc/rc.conf > 2) Reboot > 3) Install patches (for files with schg set) > 4) Enable securelevel in /etc/rc.conf > 5) Reboot > > Two reboots seems excessive. I can understand the need to do one if > libc or the kernel has been updated. > > Is there another way? You don't kneed to change /etc/rc.conf. Reboot the system into single user mode by rebooting and interrupting the boot countdown `Booting [kernel] in =2E.. seconds ...' via pressing the space bar and enter the command: =09boot -s Mount all local file systems by =09mount -a -t ufs and apply the patches and type =09exit to start into multi user mode. Konrad Heuer Personal Bookmarks: Gesellschaft f=FCr wissenschaftliche Datenverarbeitung mbH G=D6ttingen http://www.freebsd.org Am Fa=DFberg, D-37077 G=D6ttingen http://www.daemonnews.o= rg Deutschland (Germany) kheuer@gwdu60.gwdg.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010606132458.T1764-100000>