FreeBSD kernel doesn't allow any process to decrease securelevel. So,

init(8) cannot decrease securelevel. The manual page explains this and single_user() doesn't try to downgrade kernel to insecure mode. Reviewed by: bde (manual page)
2026-05-28 04:12:45 -04:00 · 1999-09-06 08:41:32 +00:00 · 1999-09-06 08:41:32 +00:00 · a4edcf8989
commit a4edcf8989
parent 8e76f3f49a
2 changed files with 1 additions and 8 deletions
--- a/sbin/init/init.8
+++ b/sbin/init/init.8
@ -92,8 +92,7 @@ is marked as
 .Dq secure .
 .Pp
 The kernel runs with four different levels of security.
-Any super-user process can raise the security level, but only 
-.Nm
+Any super-user process can raise the security level, but no process
 can lower it.
 The security levels are:
 .Bl -tag -width flag
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@ -623,12 +623,6 @@ single_user()
 	char altshell[128];
 #endif

-	/*
-	 * If the kernel is in secure mode, downgrade it to insecure mode.
-	 */
-	if (getsecuritylevel() > 0)
-		setsecuritylevel(0);
-
 	if (Reboot) {
 		/* Instead of going single user, let's reboot the machine */
 		sync();