Re: changing kernsecurelevel

From: Erick Mechler (emechler@techometer.net)
Date: 01/06/01


Date: Fri, 5 Jan 2001 18:20:40 -0800
From: Erick Mechler <emechler@techometer.net>
To: Peter Brezny <peter@sysadmin-inc.com>

You can't change the securelevel to anything lower without rebooting
the machine, but you can raise it. If you could lower it using some
userland command, it won't really be that secure, no?

From the securelevel manpage:

     The kernel runs with four different levels of security. Any super-user
     process can raise the security level, but no process can lower it.

The securelevel definitions are also on the same manpage.

Regards,
Erick

At Fri, Jan 05, 2001 at 08:49:21PM -0800, Peter Brezny said this:
:: How can I change the sysctl kern.securelevel from 2 to -1 without rebooting
:: the machine.
::
:: I've run into problems installing new kernels with a kernelsecure level of
:: 2, but so far, the only way I've figured out to change the kernel secure
:: level is to modify rc.conf, changing the secure level and rebooting the
:: machine.
::
:: How do i accomplish this without a reboot, or, if i am going at it all
:: wrong, how do i rebuild the kernel of a machine with a kern.securelevel=2?
::
:: TIA
::
:: Peter Brezny
:: SysAdmin Services Inc.
::
::
::
:: To Unsubscribe: send mail to majordomo@FreeBSD.org
:: with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • Re: start up scripts stopped working
    ... You seem to have set your security level quite high. ... rebooting and then setting your security level through sysctl (I ... I commented out the securelevel stuff as well. ... commenting out the securelevel resolved the issue. ...
    (freebsd-questions)
  • Re: start up scripts stopped working
    ... You seem to have set your security level quite high. ... rebooting and then setting your security level through sysctl (I ... I commented out the securelevel stuff as well. ... commenting out the securelevel resolved the issue. ...
    (freebsd-questions)
  • Re: start up scripts stopped working
    ... You seem to have set your security level quite high. ... could be worth a try commenting out the securelevel lines and ... rebooting and then setting your security level through sysctl (I ... I commented out the securelevel stuff as well. ...
    (freebsd-questions)
  • Re: changing kernsecurelevel
    ... > How can I change the sysctl kern.securelevel from 2 to -1 without rebooting ... If this is such a problem, don't raise the securelevel. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: make install error
    ... Now I've again compiled custom kernel. ... That sounds to me as if you're running at a raised securelevel -- if: ... settings, in order to install your new kernel, you should reboot to ... Then you need to reboot to single user mode *again* to check that the ...
    (freebsd-questions)