svn commit: r40606 - head/en_US.ISO8859-1/books/faq

Eitan Adler eadler at FreeBSD.org
Sun Jan 13 06:21:55 UTC 2013 

Author: eadler
Date: Sun Jan 13 06:21:55 2013
New Revision: 40606
URL: http://svnweb.freebsd.org/changeset/doc/40606

Log:
  Update and clarify the securelevel question.
  
  Approved by:	bcr (mentor)

Modified:
  head/en_US.ISO8859-1/books/faq/book.xml

Modified: head/en_US.ISO8859-1/books/faq/book.xml
==============================================================================
--- head/en_US.ISO8859-1/books/faq/book.xml	Sun Jan 13 06:19:54 2013	(r40605)
+++ head/en_US.ISO8859-1/books/faq/book.xml	Sun Jan 13 06:21:55 2013	(r40606)
@@ -6538,13 +6538,12 @@ Key F15        A        A        Menu Wo
 	</question>
 
 	<answer>
-	  <para>The securelevel is a security mechanism implemented in
-	    the kernel.  Basically, when the securelevel is positive, the
+	  <para><literal>securelevel</literal> is a security
+	    mechanism implemented in the kernel.  When the securelevel
+	    is positive, the
 	    kernel restricts certain tasks; not even the superuser
-	    (i.e., <username>root</username>) is allowed to do them.  At
-	    the time of this writing, the securelevel mechanism is
-	    capable of, among other things, limiting the ability
-	    to:</para>
+	    (i.e., <username>root</username>) is allowed to do them.
+	    The securelevel mechanism limits the ability to:</para>
 
 	  <itemizedlist>
 	    <listitem>
@@ -6571,17 +6570,15 @@ Key F15        A        A        Menu Wo
 	  <para>To check the status of the securelevel on a running
 	    system, simply execute the following command:</para>
 
-	  <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
+	  <screen>&prompt.root; <userinput>sysctl -n kern.securelevel</userinput></screen>
 
-	  <para>The output will contain the name of the &man.sysctl.8;
-	    variable (in this case, <varname>kern.securelevel</varname>)
-	    and a number.  The latter is the current value of the
+	  <para>The output contains the current value of the
 	    securelevel.  If it is positive (i.e., greater than 0), at
 	    least some of the securelevel's protections are
 	    enabled.</para>
 
-	  <para>You cannot lower the securelevel of a running system;
-	    being able to do that would defeat its purpose.  If you need
+	  <para>The securelevel of a running system can not be
+	    lowered as this would defeat its purpose.  If you need
 	    to do a task that requires that the securelevel be
 	    non-positive (e.g., an <maketarget>installworld</maketarget>
 	    or changing the date), you will have to change the
@@ -6618,12 +6615,8 @@ Key F15        A        A        Menu Wo
 	      mailing lists, particularly the &a.security;.  Please
 	      search the archives <ulink
 		url="&url.base;/search/index.html">here</ulink> for an
-	      extensive discussion.  Some people are hopeful that
-	      securelevel will soon go away in favor of a more
-	      fine-grained mechanism, but things are still hazy in this
-	      respect.</para>
-
-	    <para>Consider yourself warned.</para>
+	      extensive discussion.  A more fine-grained mechanism
+	      is preffered.</para>
 	  </warning>
 	</answer>
       </qandaentry>

More information about the svn-doc-head mailing list