DFBSD 2.5.0 - securelevel not working?

Antonio Huete Jimenez ahuete.devel at gmail.com
Wed Oct 14 01:21:13 PDT 2009


Hi all,

Maybe I'm doing something wrong, but securelevel(8) seems to be non-working.
I've done the following:

# grep secure /etc/rc.conf
kern_securelevel="2"
# sysctl kern.securelevel
kern.securelevel: 2
# ktrace ./od
Descriptor is 3
# kdump -f ./ktrace.out
  ...
  892 od       CALL  open(0x8048687,O_RDWR,<unused>0x804977c)
  892 od       NAMI  "/dev/da0s1d"
  892 od       RET   open 3
  ...

I could open it for read-write! Following the definition in the
manpage for secure level 2:

"2     Highly secure mode - same as secure mode, plus disks may not be
        opened for writing (except by mount(2)) whether mounted or not.
        This level precludes tampering with file systems by unmounting
         them, but also inhibits running newfs(8) while the system is multi-
         user."

Am I missing something, or is securelevel not working here?

Cheers,
Antonio Huete
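
The check done by hand in the message above can be automated. The script below is an added example, not part of the original post or of DragonFly itself. It scans kdump output for open() calls on /dev nodes that requested write access and still returned a descriptor. The function names and the trace lines for pids 893 and 894 are constructed for illustration.

```shell
#!/bin/sh
# Constructed kdump sample: pid 892 is the trace quoted in the post; pids 893
# and 894 are made-up lines (a read-only open and a refused read-write open).
sample_kdump() {
cat <<'EOF'
  892 od       CALL  open(0x8048687,O_RDWR,<unused>0x804977c)
  892 od       NAMI  "/dev/da0s1d"
  892 od       RET   open 3
  893 cat      CALL  open(0x8048700,O_RDONLY,<unused>0)
  893 cat      NAMI  "/dev/da0s1d"
  893 cat      RET   open 4
  894 dd       CALL  open(0x8048710,O_RDWR,<unused>0)
  894 dd       NAMI  "/dev/da0s1d"
  894 dd       RET   open -1 errno 1 Operation not permitted
EOF
}

# Read kdump text on stdin and print "pid command path flags" for each open()
# of a /dev/ path with O_RDWR or O_WRONLY that did not return -1.
find_write_opens() {
    awk '
    $3 == "CALL" && $4 ~ /^open\(/ {
        split($4, args, ",")          # args[2] holds the flag names
        flags[$1] = args[2]; path[$1] = ""
        next
    }
    $3 == "NAMI" && ($1 in flags) {
        p = $4; gsub(/"/, "", p)      # strip the quotes around the path
        path[$1] = p
        next
    }
    $3 == "RET" && $4 == "open" && ($1 in flags) {
        if ($5 != -1 && path[$1] ~ /^\/dev\// && flags[$1] ~ /O_RDWR|O_WRONLY/)
            print $1, $2, path[$1], flags[$1]
        delete flags[$1]; delete path[$1]
    }'
}

# audit LEVEL: print any findings; return 1 when LEVEL is 2 or higher and a
# write-mode open of a device node succeeded anyway.
audit() {
    hits=$(find_write_opens)
    [ -z "$hits" ] && return 0
    echo "$hits"
    [ "$1" -lt 2 ]
}

sample_kdump | audit 2 || echo "securelevel 2 not enforced for the opens above"
```

On a live system the same check would be fed with `kdump -f ./ktrace.out | audit "$(sysctl -n kern.securelevel)"`.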




