When you mount a vnd you're mounting from a block device (and reading the
code for sys_mount if you try and mount at all with securelevel 2 it
refuses unless you're updating an existing one to r/o).

I'm actually not sure you can even do the remount from r/w -> r/o because
there's code making sure MNT_RELOAD only happens if the current mount is
r/o. So the check below it would never happen on an existing disk that's
mounted r/w and tries to update to r/o. I need to test to make sure though.

James

>
>
>On Wed, Oct 25, 2000 at 11:09:51PM -0400, Thor Lancelot Simon wrote:
>>On Wed, Oct 25, 2000 at 09:14:11PM -0400, jchacon@genuity.net wrote:
>>> Does securelevel 2 prevent you from mounting any new devices as well?
>>> 
>>> i.e. can I vnconfig and mount that file?
>>
>>You know, this discussion is rather frustrating to me because all of the
>>relevant details are pretty well documented.  I quote the init(8) manual
>>page:
>>
>>     2     Highly secure mode - same as secure mode, plus disks are always
>>           read-only whether mounted or not, new disks may not be mounted, and
>>           existing mounts may only be downgraded from read-write to read-on-
>>           ly.  This level precludes tampering with filesystems by unmounting
>>           them, but also inhibits running newfs(8) while the system is multi-
>>           user.
>
>it doesn't explicitly disallow vnconfig or mounting a vnd.  i suggest
>that either (a) that which is not expressly forbidden is allowed, or
>(b) the second instance of the word "disks" in the paragraph abocveve
>should be changed to "filesystems".
>
>-- 
>|-----< "CODE WARRIOR" >-----|
>codewarrior@daemon.org             * "ah!  i see you have the internet
>twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
>andrew@crossbar.com       * "information is power -- share the wealth."
>
>
>
>