os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Update and clarify the securelevel question.

Browse source 
Approved by:	bcr (mentor)
This commit is contained in:
Eitan Adler 2013-01-13 06:21:55 +00:00
parent feaa7e5a4e
commit 5ac1576b5b
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=40606
1 changed files with 11 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
en_US.ISO8859-1/books/faq/book.xml
View file

@ -6538,13 +6538,12 @@ Key F15 A A Menu Workplace Nop</programlisting>
</question> </question>
<answer> <answer>
<para>The securelevel is a security mechanism implemented in <para><literal>securelevel</literal> is a security
the kernel. Basically, when the securelevel is positive, the mechanism implemented in the kernel. When the securelevel
is positive, the
kernel restricts certain tasks; not even the superuser kernel restricts certain tasks; not even the superuser
(i.e., <username>root</username>) is allowed to do them. At (i.e., <username>root</username>) is allowed to do them.
the time of this writing, the securelevel mechanism is The securelevel mechanism limits the ability to:</para>
capable of, among other things, limiting the ability
to:</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
@ -6571,17 +6570,15 @@ Key F15 A A Menu Workplace Nop</programlisting>
<para>To check the status of the securelevel on a running <para>To check the status of the securelevel on a running
system, simply execute the following command:</para> system, simply execute the following command:</para>
<screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen> <screen>&prompt.root; <userinput>sysctl -n kern.securelevel</userinput></screen>
<para>The output will contain the name of the &man.sysctl.8; <para>The output contains the current value of the
variable (in this case, <varname>kern.securelevel</varname>)
and a number. The latter is the current value of the
securelevel. If it is positive (i.e., greater than 0), at securelevel. If it is positive (i.e., greater than 0), at
least some of the securelevel's protections are least some of the securelevel's protections are
enabled.</para> enabled.</para>
<para>You cannot lower the securelevel of a running system; <para>The securelevel of a running system can not be
being able to do that would defeat its purpose. If you need lowered as this would defeat its purpose. If you need
to do a task that requires that the securelevel be to do a task that requires that the securelevel be
non-positive (e.g., an <maketarget>installworld</maketarget> non-positive (e.g., an <maketarget>installworld</maketarget>
or changing the date), you will have to change the or changing the date), you will have to change the
@ -6618,12 +6615,8 @@ Key F15 A A Menu Workplace Nop</programlisting>
mailing lists, particularly the &a.security;. Please mailing lists, particularly the &a.security;. Please
search the archives <ulink search the archives <ulink
url="&url.base;/search/index.html">here</ulink> for an url="&url.base;/search/index.html">here</ulink> for an
extensive discussion. Some people are hopeful that extensive discussion. A more fine-grained mechanism
securelevel will soon go away in favor of a more is preffered.</para>
fine-grained mechanism, but things are still hazy in this
respect.</para>
<para>Consider yourself warned.</para>
</warning> </warning>
</answer> </answer>
</qandaentry> </qandaentry>