Securelevel
Encyclopedia
Securelevel is a security mechanism in *BSD
kernels, which can optionally restrict certain capabilities. Securelevel is controlled by a sysctl
variable kern.securelevel. This value is an integer, which set to a value > 0 enables certain class of restrictions. Any superuser
process can raise securelevel, but only init
process (and not even that on FreeBSD
) can lower it.
When used with FreeBSD jail
s, each jail maintains its own securelevel in addition to the global securelevel. When evaluated, the higher of the two securelevels will be used. This allows the host environment to run at a lower securelevel than jails, so that it can manipulate file flags that the jails may not be able to.
Note: When compiled with options REGRESSION, a new sysctl is added to the FreeBSD kernel that allows the securelevel to be lowered for the purposes of automated regression testing.
Securelevel is not to be confused with runlevel
.
Berkeley Software Distribution
Berkeley Software Distribution is a Unix operating system derivative developed and distributed by the Computer Systems Research Group of the University of California, Berkeley, from 1977 to 1995...
kernels, which can optionally restrict certain capabilities. Securelevel is controlled by a sysctl
Sysctl
Sysctl is an interface for examining and dynamically changing parameters in the BSD and Linux operating systems. The implementation mechanism in these two systems is very different....
variable kern.securelevel. This value is an integer, which set to a value > 0 enables certain class of restrictions. Any superuser
Superuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
process can raise securelevel, but only init
Init
init is a program for Unix-based computer operating systems that spawns all other processes. It runs as a daemon and typically has PID 1. The boot loader starts the kernel and the kernel starts init...
process (and not even that on FreeBSD
FreeBSD
FreeBSD is a free Unix-like operating system descended from AT&T UNIX via BSD UNIX. Although for legal reasons FreeBSD cannot be called “UNIX”, as the direct descendant of BSD UNIX , FreeBSD’s internals and system APIs are UNIX-compliant...
) can lower it.
When used with FreeBSD jail
FreeBSD Jail
The FreeBSD jail mechanism is an implementation of operating system-level virtualization that allows administrators to partition a FreeBSD-based computer system into several independent mini-systems called jails....
s, each jail maintains its own securelevel in addition to the global securelevel. When evaluated, the higher of the two securelevels will be used. This allows the host environment to run at a lower securelevel than jails, so that it can manipulate file flags that the jails may not be able to.
Note: When compiled with options REGRESSION, a new sysctl is added to the FreeBSD kernel that allows the securelevel to be lowered for the purposes of automated regression testing.
Securelevel is not to be confused with runlevel
Runlevel
The term runlevel refers to a mode of operation in one of the computer operating systems that implement Unix System V-style initialization. Conventionally, seven runlevels exist, numbered from zero to six; though up to ten, from zero to nine, may be used. S is sometimes used as a synonym for one...
.