jimzah/freebsd-src
1
0
Fork 0
mirror of https://github.com/freebsd/freebsd-src.git synced 2024-11-29 21:52:45 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Fixes per PR 2850:

Browse Source 
(a) Note that the default securelevel value is -1, in -current and -stable.
(b) Mention kernel sysctl variable that controls securelevel.
(c) Add warning the `fsck' will fail if securelevel >= 2.
(d) Suggest end of /etc/rc as the right place to raise securelevel.

and one spelling fix.

PR: 2850
This commit is contained in:
Joseph Koshy 1998-06-19 08:34:52 +00:00
parent ad5b0e8be6
commit 6ebaa024df
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=37055
1 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
sbin/init/init.8
View File

@ -33,7 +33,7 @@
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.\" @(#)init.8 8.3 (Berkeley) 4/18/94 .\" @(#)init.8 8.3 (Berkeley) 4/18/94
.\" $Id: init.8,v 1.9 1997/04/01 20:41:04 mpp Exp $ .\" $Id: init.8,v 1.10 1997/08/02 00:22:48 davidn Exp $
.\" .\"
.Dd April 18, 1994 .Dd April 18, 1994
.Dt INIT 8 .Dt INIT 8
@ -92,6 +92,7 @@ The security levels are:
.Bl -tag -width flag .Bl -tag -width flag
.It Ic -1 .It Ic -1
Permanently insecure mode \- always run the system in level 0 mode. Permanently insecure mode \- always run the system in level 0 mode.
This is the default initial value.
.It Ic 0 .It Ic 0
Insecure mode \- immutable and append-only flags may be turned off. Insecure mode \- immutable and append-only flags may be turned off.
All devices may be read or written subject to their permissions. All devices may be read or written subject to their permissions.
@ -125,7 +126,10 @@ If level 2 mode is desired while running multiuser,
it can be set while single user, e.g., in the startup script it can be set while single user, e.g., in the startup script
.Pa /etc/rc , .Pa /etc/rc ,
using using
.Xr sysctl 8 . .Xr sysctl 8
to set the
.Dq kern.securelevel
variable to the required security level.
.Pp .Pp
In multi-user operation, In multi-user operation,
.Nm init .Nm init
@ -241,7 +245,7 @@ signal, i.e.
This is useful for shutting the machine down cleanly from inside the kernel This is useful for shutting the machine down cleanly from inside the kernel
or from X when the machine appears to be hung. or from X when the machine appears to be hung.
.Pp .Pp
When shuting down the machine, When shutting down the machine,
.Nm init .Nm init
will try to run the will try to run the
.Pa /etc/rc.shutdown .Pa /etc/rc.shutdown
@ -302,13 +306,22 @@ System shutdown commands.
.Xr halt 8 , .Xr halt 8 ,
.Xr rc 8 , .Xr rc 8 ,
.Xr reboot 8 , .Xr reboot 8 ,
.Xr shutdown 8 .Xr shutdown 8 ,
.Xr sysctl 8
.Sh HISTORY .Sh HISTORY
A A
.Nm .Nm
command appeared in command appeared in
.At v6 . .At v6 .
.Sh BUGS .Sh CAVEATS
Systems without Systems without
.Xr sysctl .Xr sysctl
behave as though they have security level \-1. behave as though they have security level \-1.
.Pp
Setting the security level to 2 too early in the boot sequence can
prevent
.Xr fsck 8
from repairing inconsistent filesystems. The
preferred location to set the security level is at the end of
.Pa /etc/rc
after all multi-user startup actions are complete.