Update and clarify the securelevel question.

Approved by: bcr (mentor)
svn path=/head/; revision=40606
2013-01-13 06:21:55 +00:00 · 2013-01-13 06:21:55 +00:00 · 5ac1576b5b · 2020-12-08 03:00:23 +00:00
commit 5ac1576b5b
parent feaa7e5a4e
1 changed files with 11 additions and 18 deletions
--- a/en_US.ISO8859-1/books/faq/book.xml
+++ b/en_US.ISO8859-1/books/faq/book.xml
@ -6538,13 +6538,12 @@ Key F15        A        A        Menu Workplace Nop</programlisting>
 	</question>

 	<answer>
-	  <para>The securelevel is a security mechanism implemented in
-	    the kernel.  Basically, when the securelevel is positive, the
+	  <para><literal>securelevel</literal> is a security
+	    mechanism implemented in the kernel.  When the securelevel
+	    is positive, the
 	    kernel restricts certain tasks; not even the superuser
-	    (i.e., <username>root</username>) is allowed to do them.  At
-	    the time of this writing, the securelevel mechanism is
-	    capable of, among other things, limiting the ability
-	    to:</para>
+	    (i.e., <username>root</username>) is allowed to do them.
+	    The securelevel mechanism limits the ability to:</para>

 	  <itemizedlist>
 	    <listitem>
@ -6571,17 +6570,15 @@ Key F15        A        A        Menu Workplace Nop</programlisting>
 	  <para>To check the status of the securelevel on a running
 	    system, simply execute the following command:</para>

-	  <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
+	  <screen>&prompt.root; <userinput>sysctl -n kern.securelevel</userinput></screen>

-	  <para>The output will contain the name of the &man.sysctl.8;
-	    variable (in this case, <varname>kern.securelevel</varname>)
-	    and a number.  The latter is the current value of the
+	  <para>The output contains the current value of the
 	    securelevel.  If it is positive (i.e., greater than 0), at
 	    least some of the securelevel's protections are
 	    enabled.</para>

-	  <para>You cannot lower the securelevel of a running system;
-	    being able to do that would defeat its purpose.  If you need
+	  <para>The securelevel of a running system can not be
+	    lowered as this would defeat its purpose.  If you need
 	    to do a task that requires that the securelevel be
 	    non-positive (e.g., an <maketarget>installworld</maketarget>
 	    or changing the date), you will have to change the
@ -6618,12 +6615,8 @@ Key F15        A        A        Menu Workplace Nop</programlisting>
 	      mailing lists, particularly the &a.security;.  Please
 	      search the archives <ulink
 		url="&url.base;/search/index.html">here</ulink> for an
-	      extensive discussion.  Some people are hopeful that
-	      securelevel will soon go away in favor of a more
-	      fine-grained mechanism, but things are still hazy in this
-	      respect.</para>
-
-	    <para>Consider yourself warned.</para>
+	      extensive discussion.  A more fine-grained mechanism
+	      is preffered.</para>
 	  </warning>
 	</answer>
      </qandaentry>