> if you have root privileges you can just write some random bytes in some
> places and this will be enough to break your system. So, restricting
> some gpart's or zpool's actions depending from securelevel looks like
> protection from kids.

Having root under securelevel 3 confirmed disallows you to:
1) Direct write to the block devices such as (a)da
2) Change rules and/or shutdown pf
3) Remove system flags such as schg, sunlnk

I think your statement true in case of securelevel -1, we're talking about
the highest one - 3, which shown in logs.
freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to