Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!inferno.mpx.com.au!news.ci.com.au!brian.telstra.net!news.telstra.net!nsw.news.telstra.net!news.syd.connect.com.au!news.mel.connect.com.au!news.mel.aone.net.au!news-out.internetmci.com!infeed2.internetmci.com!newsfeed.internetmci.com!ais.net!vixen.cso.uiuc.edu!newsrelay.iastate.edu!news.iastate.edu!idea.exnet.iastate.edu!flipk From: flipk@idea.exnet.iastate.edu (Phillip F Knaack) Newsgroups: comp.unix.bsd.openbsd.misc Subject: Re: securelevel bogosity Date: 12 Jul 1997 00:13:51 GMT Organization: Iowa State University, Ames, Iowa, USA Lines: 26 Message-ID: <5q6i7v$a83$1@news.iastate.edu> References: <5q6acj$rl5$3@newbabylon.rs.itd.umich.edu> NNTP-Posting-Host: idea.exnet.iastate.edu X-Newsreader: NN version 6.5.1.1 (NOV) Xref: euryale.cc.adfa.oz.au comp.unix.bsd.openbsd.misc:179 dugsong@umich.edu (Dug Song) writes: >so i built a kernel with option INSECURE and specified securelevel=0 >in /etc/rc.securelevel, and yet init still ends up setting >kern.securelevel to 1 (i'm not sure where or how, as it's not in >/etc/rc). i'm baffled. >what am i overlooking? It has been a while since I've played with securelevel stuff, but here's how I think it goes: anytime kern.securelevel is -1 (negative 1), then nothing automatic will raise it. This is also what option INSECURE does, to cause kern.securelevel to be -1 at boot. When you set it to 0 in rc.securelevel, you are bypassing INSECURE, and so it gets bumped to 1 at multiuser anyway. You need to leave kern.securelevel alone in rc.securelevel for it to stay at -1, i.e., comment out the sysctl command. Cheers, Phil -- Interoperation with matter-transporters using polar coordinate systems is discouraged, due to round-off and other algorithmic errors in certain ubiquitous floating-point implementations, leading to results which are best discreetly described as "disappointing." --RFC 1437