j...@wxcvbn.org (Jeremie Courreges-Anglas) writes:

> Looks like it's not completely obvious how to set a custom securelevel,
> at least one user went the /etc/sysctl.conf way, which has the nasty
> side-effect of preventing the use of /etc/pf.conf.
>
> Should we add more belts and suspenders?

Dunno if adding an example is the right direction, but the /etc/rc part
would prevent people from shooting themselves in the foot.


Index: rc
===================================================================
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.486
diff -u -p -r1.486 rc
--- rc  10 Jul 2016 09:08:18 -0000      1.486
+++ rc  24 Sep 2016 15:31:10 -0000
@@ -52,6 +52,12 @@ update_limit() {
 sysctl_conf() {
        stripcom /etc/sysctl.conf |
        while read _line; do
+               case $_line in
+               kern.securelevel=*)
+                       echo "$_line ignored in /etc/sysctl.conf"
+                       continue;;
+               esac
+
                sysctl "$_line"
 
                case $_line in
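Review bot: the message printed in the new `kern.securelevel=*)` arm says the setting is ignored but not where it should go instead, and the quoted mail says that is exactly what users find unclear. Consider naming /etc/rc.securelevel in the echo text, so the boot output points to the supported place to set it. Also note that the pattern only matches lines beginning with the literal `kern.securelevel=`. Any other spelling that sysctl would still accept falls through to `sysctl "$_line"` and sets the level as before, so it is worth confirming that no such form exists, or normalising the line before the match.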


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
