Looks like it's not completely obvious how to set a custom securelevel:
at least one user went the /etc/sysctl.conf way, which has the nasty
side-effect of preventing the use of /etc/pf.conf.
Should we add more belts and suspenders?
Index: rc
===================================================================
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.486
diff -u -p -r1.486 rc
--- rc 10 Jul 2016 09:08:18 -0000 1.486
+++ rc 24 Sep 2016 15:31:10 -0000
@@ -52,6 +52,12 @@ update_limit() {
sysctl_conf() {
stripcom /etc/sysctl.conf |
while read _line; do
+ case $_line in
+ kern.securelevel=*)
+ echo "$_line ignored in /etc/sysctl.conf"
+ continue;;
+ esac
+
sysctl "$_line"
case $_line in
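Review bot: The message printed by the new `kern.securelevel=*` arm says the line was ignored but not where the setting belongs, so an administrator who put `kern.securelevel=2` in /etc/sysctl.conf to harden the machine presumably ends up at the default level with only a passing boot message to show for it. Naming the supported location would make the message actionable: `echo "$_line ignored in /etc/sysctl.conf; set it in /etc/rc.securelevel"`. The pattern is also an exact prefix match, so a spelling such as `kern.securelevel = 2` would fall through to `sysctl "$_line"` if sysctl(8) accepts that form, which is worth checking. A one-line comment above the arm saying why this variable is skipped (per the description, applying it here prevents /etc/pf.conf from being used) would help the next reader. sysctl_conf's body continues past the end of the hunk.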
Index: examples/rc.securelevel
===================================================================
RCS file: /cvs/src/etc/examples/rc.securelevel,v
retrieving revision 1.3
diff -u -p -r1.3 rc.securelevel
--- examples/rc.securelevel 14 Jul 2014 10:15:33 -0000 1.3
+++ examples/rc.securelevel 24 Sep 2016 15:24:13 -0000
@@ -7,3 +7,7 @@
# which should be done AFTER your system has gone into securemode
# please see /etc/rc.local.
#
+
+
+# If you want to set a custom securelevel, do so here.
+#sysctl kern.securelevel=2
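Review bot: The added comment does not say that the sysctl takes effect as soon as it runs, so anything placed after it in this file would execute at the new level; the example should tell the reader to keep it last. Something like `# If you want to set a custom securelevel, do so here, as the last command in this file.` would cover it. A second comment line saying what the example value 2 restricts would also help, since the description shows how a securelevel applied at the wrong point in boot prevents /etc/pf.conf from being used. Two blank lines are added before the comment where one would be enough to separate it from the header.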
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE