>Synopsis: pfctl -T show not permitted when kern.securelevel=2
>Category: kernel
>Environment:
System : OpenBSD 6.0
Details : OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
When attempting to list the contents of a pf table and the
kernel is set to securelevel 2, pfctl -T show fails with
`Operation not permitted'. pfctl -vT show works as expected.
>How-To-Repeat:
# sysctl kern.securelevel
kern.securelevel=1
# pfctl -t test -T add 198.51.100.81
1 table created.
1/1 addresses added.
# pfctl -t test -T show
198.51.100.81
# pfctl -t test -vT show
198.51.100.81
Cleared: Sat Feb 25 22:57:50 2017
# sysctl kern.securelevel=2
kern.securelevel: 1 -> 2
# pfctl -t test -T show
pfctl: Operation not permitted.
# pfctl -t test -vT show
198.51.100.81
Cleared: Sat Feb 25 22:57:50 2017