DFBSD 2.5.0 - securelevel not working?
Maybe I'm doing something wrong, but securelevel(8) seems to be non-working.
I've done the following:
# grep secure /etc/rc.conf
# sysctl kern.securelevel
# ktrace ./od
Descriptor is 3
# kdump -f ./ktrace.out
892 od CALL open(0x8048687,O_RDWR,<unused>0x804977c)
892 od NAMI "/dev/da0s1d"
892 od RET open 3
I could open it for read-write! Following the definition in the
manpage for secure level 2:
"2 Highly secure mode - same as secure mode, plus disks may not be
opened for writing (except by mount(2)) whether mounted or not.
This level precludes tampering with file systems by unmounting
them, but also inhibits running newfs(8) while the system is multi-
Am I missing something or securelevel is not working here?
#2 Updated by tuxillo about 5 years ago
Can you please review this commit? It fixes the issue here, but maybe I'm
#3 Updated by tuxillo about 5 years ago
Changed to use securelevel variable instead functions as requested: