FreeBSD Bugzilla – Attachment 55812 Details for Bug 84266
[patch] security(8) manpage should have init(8)'s list of security levels
[patch] file.diff (text/plain), 2.60 KB, created by Gary W. Swearingen on 2005-07-29 04:50:20 UTC
>--- /pr/work/init..orig.8 Thu Jul 28 19:59:24 2005 >+++ /pr/work/init.8 Thu Jul 28 20:33:47 2005 >@@ -29,7 +29,7 @@ > .\" SUCH DAMAGE. > .\" > .\" @(#)init.8 8.3 (Berkeley) 4/18/94 >-.\" $FreeBSD: src/sbin/init/init.8,v 1.45 2004/07/22 10:38:13 keramida Exp $ >+.\" $FreeBSD: Exp $ > .\" > .Dd April 18, 1994 > .Dt INIT 8 
>@@ -87,58 +87,9 @@ > is marked as > .Dq secure . > .Pp >-The kernel runs with five different levels of security. >-Any super-user process can raise the security level, but no process >-can lower it. >-The security levels are: >-.Bl -tag -width flag >-.It Ic -1 >-Permanently insecure mode \- always run the system in level 0 mode. >-This is the default initial value. >-.It Ic 0 >-Insecure mode \- immutable and append-only flags may be turned off. >-All devices may be read or written subject to their permissions. >-.It Ic 1 >-Secure mode \- the system immutable and system append-only flags may not >-be turned off; >-disks for mounted file systems, >-.Pa /dev/mem , >-.Pa /dev/kmem >-and >-.Pa /dev/io >-(if your platform has it) may not be opened for writing; >-kernel modules (see >-.Xr kld 4 ) >-may not be loaded or unloaded. >-.It Ic 2 >-Highly secure mode \- same as secure mode, plus disks may not be >-opened for writing (except by >-.Xr mount 2 ) >-whether mounted or not. >-This level precludes tampering with file systems by unmounting them, >-but also inhibits running >-.Xr newfs 8 >-while the system is multi-user. >-.Pp >-In addition, kernel time changes are restricted to less than or equal to one >-second. >-Attempts to change the time by more than this will log the message >-.Dq Time adjustment clamped to +1 second . >-.It Ic 3 >-Network secure mode \- same as highly secure mode, plus >-IP packet filter rules (see >-.Xr ipfw 8 , >-.Xr ipfirewall 4 >-and >-.Xr pfctl 8 ) >-cannot be changed and >-.Xr dummynet 4 >-or >-.Xr pf 4 >-configuration cannot be adjusted. >-.El >-.Pp >-If the security level is initially nonzero, then >+If the kernel security level (see >+.Xr security 7 ) >+is initially nonzero, then > .Nm > leaves it unchanged. > Otherwise, 
>@@ -161,9 +112,7 @@ > .Dq host system > will not be effected. > Part of the information set up in the kernel to support a jail >-is a per-jail >-.Dq securelevel >-setting. >+is a per-jail setting of the security level. > This allows running a higher security level inside of a jail > than that of the host system. > See >@@ -392,19 +341,13 @@ > .Xr kill 1 , > .Xr login 1 , > .Xr sh 1 , >-.Xr dummynet 4 , >-.Xr ipfirewall 4 , >-.Xr kld 4 , >-.Xr pf 4 , > .Xr ttys 5 , >-.Xr crash 8 , > .Xr getty 8 , > .Xr halt 8 , >-.Xr ipfw 8 , > .Xr jail 8 , >-.Xr pfctl 8 , > .Xr rc 8 , > .Xr reboot 8 , >+.Xr security 7 , > .Xr shutdown 8 , > .Xr sysctl 8 > .Sh HISTORY
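Review bot: the ident line in the first hunk (@@ -29,7 +29,7) is rewritten to `.\" $FreeBSD: Exp $`, which throws away the file path, revision, date and committer recorded in the original string. That keyword is expanded by the version-control system on commit, so this hunk should be dropped from the patch and the original `$FreeBSD: src/sbin/init/init.8,v 1.45 ...` line left untouched.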
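Review bot: the second hunk (@@ -87,58 +87,9) removes more than the level table; it also drops the sentence "Any super-user process can raise the security level, but no process can lower it" and the note that -1 is the default initial value, both of which the following text about init leaving a nonzero level unchanged relies on. This attachment only touches init.8, so the removal is safe only if the same text lands in the page named by the new `.Xr security 7` reference in the same commit; consider keeping the raise-only sentence here next to the cross-reference. The bug title says security(8) while the hunk references section 7, so one of the two needs correcting.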
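Review bot: in the jail paragraph (@@ -161,9 +112,7) replacing the quoted `.Dq securelevel` with "a per-jail setting of the security level" removes the literal term from the paragraph, which is the word a reader is most likely to search this page for. Keep it, for example as "a per-jail security level (securelevel) setting". The unchanged context line "will not be effected" just above should read "affected" and could be fixed in the same hunk.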
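Review bot: in the SEE ALSO hunk (@@ -392,19 +341,13) the new `.Xr security 7 ,` is inserted between `.Xr reboot 8 ,` and `.Xr shutdown 8 ,`, which breaks the section-then-name ordering the rest of the list follows; it belongs after `.Xr ttys 5 ,` and before `.Xr getty 8 ,`. The hunk also deletes `.Xr crash 8 ,`, which the removed security-level text in the second hunk never referenced (that text cites kld, mount, newfs, ipfw, ipfirewall, pfctl, dummynet and pf), so that removal looks unrelated to this change and should be justified or left out.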
Attachments on bug 84266: 55811 | 55812