Port-arm archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Lowering securelevel

Bummer. I've totally missed the part "Lower securelevels require the kernel to be compiled with options INSECURE, causing it to always default to securelevel -1."

Checking GENERIC reveals amd64 has INSECURE build in, evbarm not. Perfect explanation.

Thanks for the heads up.


Am 30.04.20 um 22:39 schrieb Harold Gutch:
On Thu, Apr 30, 2020 at 10:29:51PM +0200, Ede Wolf wrote:

I am trying to lower my securelevel and I seem to be stuck. Contrary to
amd64, setting both or either securelevel=-1 in rc.conf and
kern.securelevel=-1 in sysctl.conf, after booting I am always ending up
with good old securelevel of 1.

This behaviour is somewhat different from what I am experiencing on the
amd64 port. Where I have interesting results with different value in
rc.conf and sysctl.conf. But different story.

What are my options to get down to 0 or -1 on my cubietruck?

You'll need to compile your own kernel with "options INSECURE", see
also "man secmodel_securelevel".

If it's about loading modules, modules.conf is evaluated before the
securelevel is raised from 0 to 1.


Home | Main Index | Thread Index | Old Index