From cfc3af2b90d9b43540d328bb174e8b479e75addd Mon Sep 17 00:00:00 2001 From: sheldonh Date: Tue, 12 Sep 2000 12:30:13 +0000 Subject: Clarify the handling of the securelevel. PR: 20974 --- sbin/init/init.8 | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'sbin/init/init.8') diff --git a/sbin/init/init.8 b/sbin/init/init.8 index 7c2fc1e..9604f7b 100644 --- a/sbin/init/init.8 +++ b/sbin/init/init.8 @@ -93,6 +93,8 @@ is marked as .Pp The kernel runs with four different levels of security. Any super-user process can raise the security level, but no process +(including +.Nm Ns ) can lower it. The security levels are: .Bl -tag -width flag @@ -134,21 +136,24 @@ cannot be changed and configuration cannot be adjusted. .El .Pp -If the security level is initially -1, then +If the security level is initially nonzero, then .Nm leaves it unchanged. Otherwise, .Nm -arranges to run the system in level 0 mode while single-user -and in level 1 mode while multi-user. -If level 2 mode is desired while running multi-user, -it can be set while single-user, e.g., in the startup script -.Pa /etc/rc , +raises the level to 1 before going multi-user for the first time. +No process, including +.Nm +itself, +can reduce the level, even on return to single-user. +If a level higher than 1 is desired while running multi-user, +it can be set before going multi-user, e.g., by the startup script +.Xr rc 8 , using -.Xr sysctl 8 +.Xr sysctl 8 to set the .Dq kern.securelevel -variable to the required security level. +variable to the required security level. .Pp In multi-user operation, .Nm -- cgit v1.1