j...@wxcvbn.org (Jeremie Courreges-Anglas) writes:
> Looks like it's not completely obvious how to set a custom securelevel,
> at least one user went the /etc/sysctl.conf way, which has the nasty
> side-effect of preventing the use of /etc/pf.conf.
>
> Should we add more belts and suspenders?
Dunno if adding an example is the right direction, but the /etc/rc part would prevent people from shooting themselves in the foot. Index: rc =================================================================== RCS file: /cvs/src/etc/rc,v retrieving revision 1.486 diff -u -p -r1.486 rc --- rc 10 Jul 2016 09:08:18 -0000 1.486 +++ rc 24 Sep 2016 15:31:10 -0000 @@ -52,6 +52,12 @@ update_limit() { sysctl_conf() { stripcom /etc/sysctl.conf | while read _line; do + case $_line in + kern.securelevel=*) + echo "$_line ignored in /etc/sysctl.conf" + continue;; + esac + sysctl "$_line" case $_line in -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
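
Review bot: In the new `kern.securelevel=*)` branch of sysctl_conf(), the message `"$_line ignored in /etc/sysctl.conf"` says the setting was dropped but not why or where it belongs. Since the concern in this thread is that the right place is not obvious, the message could name it (on OpenBSD the securelevel is set from /etc/rc.securelevel) and mention that setting it here would get in the way of loading /etc/pf.conf. The pattern also matches only the exact prefix `kern.securelevel=`, so it is worth confirming against what sysctl accepts that no other spelling of the line can fall through to `sysctl "$_line"`.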