diff options
author | Bruce Evans <bde@FreeBSD.org> | 1996-10-12 15:54:04 +0000 |
---|---|---|
committer | Bruce Evans <bde@FreeBSD.org> | 1996-10-12 15:54:04 +0000 |
commit | 2dab355e6bf62b126b14f478e8126774787aba19 (patch) | |
tree | 778114b9db41dadce781b002be932127cdf28fa2 /sys/sys/systm.h | |
parent | 38058917d5eacf4cbc980078d0563b2629a4697d (diff) | |
download | src-2dab355e6bf62b126b14f478e8126774787aba19.tar.gz src-2dab355e6bf62b126b14f478e8126774787aba19.zip |
Removed verbose comment about `securelevel'. It just duplicated part
of init.8 except for bugs and anachronisms.
Notes
Notes:
svn path=/head/; revision=18883
Diffstat (limited to 'sys/sys/systm.h')
-rw-r--r-- | sys/sys/systm.h | 31 |
1 files changed, 2 insertions, 29 deletions
diff --git a/sys/sys/systm.h b/sys/sys/systm.h index eff79f999025..c83384572e04 100644 --- a/sys/sys/systm.h +++ b/sys/sys/systm.h @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)systm.h 8.7 (Berkeley) 3/29/95 - * $Id: systm.h,v 1.44 1996/09/13 09:20:15 bde Exp $ + * $Id: systm.h,v 1.45 1996/09/29 15:00:19 bde Exp $ */ #ifndef _SYS_SYSTM_H_ @@ -44,34 +44,7 @@ #include <machine/cpufunc.h> -/* - * The `securelevel' variable controls the security level of the system. - * It can only be decreased by process 1 (/sbin/init). - * - * Security levels are as follows: - * -1 permanently insecure mode - always run system in level 0 mode. - * 0 insecure mode - immutable and append-only flags make be turned off. - * All devices may be read or written subject to permission modes. - * 1 secure mode - immutable and append-only flags may not be changed; - * raw disks of mounted filesystems, /dev/mem, and /dev/kmem are - * read-only. - * 2 highly secure mode - same as (1) plus raw disks are always - * read-only whether mounted or not. This level precludes tampering - * with filesystems by unmounting them, but also inhibits running - * newfs while the system is secured. - * - * In normal operation, the system runs in level 0 mode while single user - * and in level 1 mode while multiuser. If level 2 mode is desired while - * running multiuser, it can be set in the multiuser startup script - * (/etc/rc.local) using sysctl(1). If it is desired to run the system - * in level 0 mode while multiuser, initialize the variable securelevel - * in /sys/kern/kern_sysctl.c to -1. Note that it is NOT initialized to - * zero as that would allow the kernel binary to be patched to -1. - * Without initialization, securelevel loads in the BSS area which only - * comes into existence when the kernel is loaded and hence cannot be - * patched by a stalking hacker. - */ -extern int securelevel; /* system security level */ +extern int securelevel; /* system security level (see init(8)) */ extern int cold; /* nonzero if we are doing a cold boot */ extern const char *panicstr; /* panic message */ |