From 5ac1576b5b4eae8247d1cd3596f492a2977ba102 Mon Sep 17 00:00:00 2001 From: Eitan Adler Date: Sun, 13 Jan 2013 06:21:55 +0000 Subject: [PATCH] Update and clarify the securelevel question. Approved by: bcr (mentor) --- en_US.ISO8859-1/books/faq/book.xml | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/en_US.ISO8859-1/books/faq/book.xml b/en_US.ISO8859-1/books/faq/book.xml index 7c057c2170..bb16120d36 100644 --- a/en_US.ISO8859-1/books/faq/book.xml +++ b/en_US.ISO8859-1/books/faq/book.xml @@ -6538,13 +6538,12 @@ Key F15 A A Menu Workplace Nop - The securelevel is a security mechanism implemented in - the kernel. Basically, when the securelevel is positive, the + securelevel is a security + mechanism implemented in the kernel. When the securelevel + is positive, the kernel restricts certain tasks; not even the superuser - (i.e., root) is allowed to do them. At - the time of this writing, the securelevel mechanism is - capable of, among other things, limiting the ability - to: + (i.e., root) is allowed to do them. + The securelevel mechanism limits the ability to: 
@@ -6571,17 +6570,15 @@ Key F15 A A Menu Workplace Nop To check the status of the securelevel on a running system, simply execute the following command: - &prompt.root; sysctl kern.securelevel + &prompt.root; sysctl -n kern.securelevel - The output will contain the name of the &man.sysctl.8; - variable (in this case, kern.securelevel) - and a number. The latter is the current value of the + The output contains the current value of the securelevel. If it is positive (i.e., greater than 0), at least some of the securelevel's protections are enabled. - You cannot lower the securelevel of a running system; - being able to do that would defeat its purpose. If you need + The securelevel of a running system can not be + lowered as this would defeat its purpose. If you need to do a task that requires that the securelevel be non-positive (e.g., an installworld or changing the date), you will have to change the @@ -6618,12 +6615,8 @@ Key F15 A A Menu Workplace Nop mailing lists, particularly the &a.security;. Please search the archives here for an - extensive discussion. Some people are hopeful that - securelevel will soon go away in favor of a more - fine-grained mechanism, but things are still hazy in this - respect. - - Consider yourself warned. + extensive discussion. A more fine-grained mechanism + is preffered.
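Review bot: In the first hunk (@@ -6538), dropping "among other things" makes "The securelevel mechanism limits the ability to:" introduce what now reads as an exhaustive list. If the list that follows does not cover every restriction, keep a qualifier, for example "limits, among other things, the ability to:". The paragraph also now begins with a lowercase "securelevel"; the old opening "The securelevel is a security mechanism" avoided starting a sentence with a lowercase identifier.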
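Review bot: In the second hunk (@@ -6571), "can not be lowered as this would defeat its purpose" should read "cannot be lowered, as this would defeat its purpose". The change to "sysctl -n kern.securelevel" and the shortened description "The output contains the current value of the securelevel" agree with each other, so nothing else is needed there; the unchanged context line "simply execute the following command" could lose "simply" in the same pass.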
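Review bot: In the last hunk (@@ -6618), "preffered" is misspelled and should be "preferred". The new sentence "A more fine-grained mechanism is preffered." also does not say which mechanism is meant, so the reader is told securelevel is not the recommended choice without being pointed at an alternative; name the mechanism or link to its documentation.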