author garys <garys@FreeBSD.org> 2005-09-03 17:16:00 +0000
committer garys <garys@FreeBSD.org> 2005-09-03 17:16:00 +0000
commit dcf881b1eb5cd7d4101ff068dead8b12f344a057
tree f098353d547c2febae40d4cf27a37d14eea6d6e6 /sbin
parent 50da0d71bf56d64b1d31b1a4aac5828acc47dc99
Moved descriptions of securelevels from init(7) to security(7).
Files used both "securelevel" and either "secure level" or "security level"; all are now "security level".
PR: docs/84266
Submitted by: garys
Approved by: keramida
MFC after: 3 days
Diffstat (limited to 'sbin')
-rw-r--r-- sbin/init/init.8 67
1 files changed, 5 insertions, 62 deletions
diff --git a/sbin/init/init.8 b/sbin/init/init.8
index 563f3c0..6c39343 100644
--- a/sbin/init/init.8
+++ b/sbin/init/init.8
@@ -87,58 +87,9 @@ The password check is skipped if the
is marked as
.Dq secure .
.Pp
-The kernel runs with five different levels of security.
-Any super-user process can raise the security level, but no process
-can lower it.
-The security levels are:
-.Bl -tag -width flag
-.It Ic -1
-Permanently insecure mode \- always run the system in level 0 mode.
-This is the default initial value.
-.It Ic 0
-Insecure mode \- immutable and append-only flags may be turned off.
-All devices may be read or written subject to their permissions.
-.It Ic 1
-Secure mode \- the system immutable and system append-only flags may not
-be turned off;
-disks for mounted file systems,
-.Pa /dev/mem ,
-.Pa /dev/kmem
-and
-.Pa /dev/io
-(if your platform has it) may not be opened for writing;
-kernel modules (see
-.Xr kld 4 )
-may not be loaded or unloaded.
-.It Ic 2
-Highly secure mode \- same as secure mode, plus disks may not be
-opened for writing (except by
-.Xr mount 2 )
-whether mounted or not.
-This level precludes tampering with file systems by unmounting them,
-but also inhibits running
-.Xr newfs 8
-while the system is multi-user.
-.Pp
-In addition, kernel time changes are restricted to less than or equal to one
-second.
-Attempts to change the time by more than this will log the message
-.Dq Time adjustment clamped to +1 second .
-.It Ic 3
-Network secure mode \- same as highly secure mode, plus
-IP packet filter rules (see
-.Xr ipfw 8 ,
-.Xr ipfirewall 4
-and
-.Xr pfctl 8 )
-cannot be changed and
-.Xr dummynet 4
-or
-.Xr pf 4
-configuration cannot be adjusted.
-.El
-.Pp
-If the security level is initially nonzero, then
+If the system security level (see
+.Xr security 7 )
+is initially nonzero, then
.Nm
leaves it unchanged.
Otherwise,
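Review bot: The new sentence "If the system security level (see .Xr security 7 ) is initially nonzero" loses the rule that gave it context: the removed lines "Any super-user process can raise the security level, but no process can lower it" are what told an init(8) reader that the level is one-way. Consider keeping that single sentence here next to the cross-reference. The diffstat is limited to sbin, so the receiving security(7) text is not visible in this diff; please confirm it carries the full level list (-1 through 3), including the logged string "Time adjustment clamped to +1 second", since that is the message an administrator will search for.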
@@ -161,9 +112,7 @@ is run in a jail, the security level of the
.Dq host system
will not be effected.
Part of the information set up in the kernel to support a jail
-is a per-jail
-.Dq securelevel
-setting.
+is a per-jail security level.
This allows running a higher security level inside of a jail
than that of the host system.
See
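Review bot: The context line directly above the changed lines, "will not be effected.", should read "affected"; this paragraph is already being reworded for terminology, so fix it in the same commit. The replacement "is a per-jail security level." itself reads fine and matches the wording of the unchanged "higher security level inside of a jail" line below it.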
@@ -392,19 +341,13 @@ a persistent device error condition.
.Xr kill 1 ,
.Xr login 1 ,
.Xr sh 1 ,
-.Xr dummynet 4 ,
-.Xr ipfirewall 4 ,
-.Xr kld 4 ,
-.Xr pf 4 ,
.Xr ttys 5 ,
-.Xr crash 8 ,
.Xr getty 8 ,
.Xr halt 8 ,
-.Xr ipfw 8 ,
.Xr jail 8 ,
-.Xr pfctl 8 ,
.Xr rc 8 ,
.Xr reboot 8 ,
+.Xr security 7 ,
.Xr shutdown 8 ,
.Xr sysctl 8
.Sh HISTORY
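Review bot: The added ".Xr security 7 ," sits between "reboot 8" and "shutdown 8", which breaks the section-then-alphabetical order the rest of this SEE ALSO list follows; move it to between ".Xr ttys 5 ," and ".Xr getty 8 ,". Separately, ".Xr crash 8 ," is dropped here although none of the removed security level text referenced it (the removed paragraphs cite kld 4, ipfw 8, ipfirewall 4, pfctl 8, dummynet 4, pf 4, mount 2 and newfs 8), so either keep it or mention the removal in the commit message.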