Subject: Re: order in rc.d/sysctl
To: Markus Kurek <kurek@unidui.uni-duisburg.de>
From: Jason R Thorpe <thorpej@zembu.com>
List: current-users
Date: 07/16/2000 13:39:38

On Sun, Jul 16, 2000 at 10:32:59PM +0200, Markus Kurek wrote:

 > Is there a specific reason we raise the kernel securelevel
 > in /etc/rc.d/sysctl before the sysctl variables are set?
 > 
 > With a "secure" kernel it is impossible to change
 > net.inet.ip.forwsrcrt and perhaps some more variables
 > defined in /etc/sysctl.conf.
 > 
 > Or should I define this in the kernel option file?
 > Is this the "right" way?
 > 
 > Why do we forbid changing this variable at all?
 > With securelevel=1 I can change net.inet.ip.forwarding,
 > net.inet.ip.allowsrcrt and many more important settings.

However, at securelevel 2, you shouldn't be able to change any of those.
These probably need to be looked over again.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>