Date: Wed, 06 Jun 2001 09:07:12 -0400 From: Bill Moran <wmoran@iowna.com> To: Neil Darlow <neil@darlow.co.uk> Cc: Questions <freebsd-questions@freebsd.org> Subject: Re: Disabling kern.securelevel? Message-ID: <3B1E2B00.97D75D0A@iowna.com> References: <20010606.11174600@ideal.darlow.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Neil Darlow wrote: > > Hi, > > I understand the benefits of running with kern.securelevel > 0 but > I am finding that it gets in the way when applying patches. > > Is there any way, other than reboot, to change kern.securelevel back > to 0? > > I've been doing some security updates recently and I've had to do > the following: > > 1) Disable securelevel in /etc/rc.conf > 2) Reboot > 3) Install patches (for files with schg set) > 4) Enable securelevel in /etc/rc.conf > 5) Reboot In addition to comments by others, you can skip the last reboot, since you can always *raise* the securelevel. In other words, after fixing /etc/rc.conf (or not, if you follow other's advice) you simply use sysctl to set kern.securelevel where you want it. -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B1E2B00.97D75D0A>