Clarify the handling of the securelevel.

PR: 20974
svn path=/head/; revision=65773
2024-12-03 19:08:58 +00:00 · 2000-09-12 12:30:13 +00:00 · 2000-09-12 12:30:13 +00:00 · 67b661fd0a · 2020-12-20 02:59:44 +00:00
commit 67b661fd0a
parent 0c893d623c
1 changed files with 13 additions and 8 deletions
--- a/sbin/init/init.8
+++ b/sbin/init/init.8
@ -93,6 +93,8 @@ is marked as
 .Pp
 The kernel runs with four different levels of security.
 Any super-user process can raise the security level, but no process
+(including
+.Nm Ns )
 can lower it.
 The security levels are:
 .Bl -tag -width flag
@ -134,21 +136,24 @@ cannot be changed and
 configuration cannot be adjusted.
 .El
 .Pp
-If the security level is initially -1, then
+If the security level is initially nonzero, then
 .Nm
 leaves it unchanged.
 Otherwise,
 .Nm
-arranges to run the system in level 0 mode while single-user
-and in level 1 mode while multi-user.
-If level 2 mode is desired while running multi-user,
-it can be set while single-user, e.g., in the startup script
-.Pa /etc/rc ,
+raises the level to 1 before going multi-user for the first time.
+No process, including
+.Nm
+itself,
+can reduce the level, even on return to single-user.
+If a level higher than 1 is desired while running multi-user,
+it can be set before going multi-user, e.g., by the startup script
+.Xr rc 8 ,
 using
-.Xr sysctl 8 
+.Xr sysctl 8
 to set the 
 .Dq kern.securelevel
-variable to the required security level.  
+variable to the required security level.
 .Pp
 In multi-user operation, 
 .Nm