After some thought about init(8) and securelevel (and a suggestion
from Sheldon Hearn) I believe a good compromise is to have the whole
"init(8) being able to lower the securelevel in single-user mode"
behaviour a boot variable in /boot/loader.conf.
This has the advantage of giving people who wish to lower the secure
level in maintenence mode what they want, without changing the default
behavior of FreeBSD.
Attached is a patch against -CURRENT from a few days ago (don't know
if it patches cleanly against -STABLE.)
Feedback welcome (for example, I'm not so happy with the boot variable
name...)
-Paul.
init_securelevel.patch.gz
