1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-12 09:58:36 +00:00

Fixes per PR 2850:

(a) Note that the default securelevel value is -1, in -current and -stable.
(b) Mention kernel sysctl variable that controls securelevel.
(c) Add warning the `fsck' will fail if securelevel >= 2.
(d) Suggest end of /etc/rc as the right place to raise securelevel.

and one spelling fix.

PR: 2850
This commit is contained in:
Joseph Koshy 1998-06-19 08:34:52 +00:00
parent ad5b0e8be6
commit 6ebaa024df
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=37055

View File

@ -33,7 +33,7 @@
.\" SUCH DAMAGE.
.\"
.\" @(#)init.8 8.3 (Berkeley) 4/18/94
.\" $Id: init.8,v 1.9 1997/04/01 20:41:04 mpp Exp $
.\" $Id: init.8,v 1.10 1997/08/02 00:22:48 davidn Exp $
.\"
.Dd April 18, 1994
.Dt INIT 8
@ -92,6 +92,7 @@ The security levels are:
.Bl -tag -width flag
.It Ic -1
Permanently insecure mode \- always run the system in level 0 mode.
This is the default initial value.
.It Ic 0
Insecure mode \- immutable and append-only flags may be turned off.
All devices may be read or written subject to their permissions.
@ -125,7 +126,10 @@ If level 2 mode is desired while running multiuser,
it can be set while single user, e.g., in the startup script
.Pa /etc/rc ,
using
.Xr sysctl 8 .
.Xr sysctl 8
to set the
.Dq kern.securelevel
variable to the required security level.
.Pp
In multi-user operation,
.Nm init
@ -241,7 +245,7 @@ signal, i.e.
This is useful for shutting the machine down cleanly from inside the kernel
or from X when the machine appears to be hung.
.Pp
When shuting down the machine,
When shutting down the machine,
.Nm init
will try to run the
.Pa /etc/rc.shutdown
@ -302,13 +306,22 @@ System shutdown commands.
.Xr halt 8 ,
.Xr rc 8 ,
.Xr reboot 8 ,
.Xr shutdown 8
.Xr shutdown 8 ,
.Xr sysctl 8
.Sh HISTORY
A
.Nm
command appeared in
.At v6 .
.Sh BUGS
.Sh CAVEATS
Systems without
.Xr sysctl
behave as though they have security level \-1.
.Pp
Setting the security level to 2 too early in the boot sequence can
prevent
.Xr fsck 8
from repairing inconsistent filesystems. The
preferred location to set the security level is at the end of
.Pa /etc/rc
after all multi-user startup actions are complete.