Subject: Re: order in rc.d/sysctl
To: Markus Kurek <firstname.lastname@example.org>
From: Jason R Thorpe <email@example.com>
Date: 07/16/2000 13:39:38
On Sun, Jul 16, 2000 at 10:32:59PM +0200, Markus Kurek wrote:
> Is there a specific reason we raise the kernel securelevel
> in /etc/rc.d/sysctl before the sysctl variables are set?
> With a "secure" kernel it is impossible to change
> net.inet.ip.forwsrcrt and perhaps some more variables
> defined in /etc/sysctl.conf .
> Or should I define this in the kernel option file?
> Is this the "right" way?
> Why do we forbid changing this variable at all?
> With securelevel=1 I can change net.inet.ip.forwarding
> net.inet.ip.allowsrcrt and many more important settings.
However, at securelevel 2, you shouldn't be able to change any of those.
These probably need to be looked over again.
-- Jason R. Thorpe <firstname.lastname@example.org>