Securelevel

Securelevel

Securelevel is a security mechanism in *BSD kernels, which can optionally restrict certain capabilities. Securelevel is controlled by a sysctl variable kern.securelevel. This value is an integer, which set to a value > 0 enables certain class of restrictions. Any superuser process can raise securelevel, but only init process (and not even that on FreeBSD) can lower it.

When used with FreeBSD jails, each jail maintains its own securelevel in addition to the global securelevel. When evaluated, the higher of the two securelevels will be used. This allows the host environment to run at a lower securelevel than jails, so that it can manipulate file flags that the jails may not be able to.

Note: When compiled with options REGRESSION, a new sysctl is added to the FreeBSD kernel that allows the securelevel to be lowered for the purposes of automated regression testing.

Securelevel is not to be confused with runlevel.

External links

* [http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html#SECURELEVEL Securelevel in FreeBSD Handbook]


Wikimedia Foundation. 2010.

Игры ⚽ Поможем сделать НИР

Look at other dictionaries:

  • Init — (short for initialization ) is the program on Unix and Unix like systems that all other processes. It runs as a daemon and typically has PID 1.The functionality diverged, in Unixes such as System III and System V, from the functionality provided… …   Wikipedia

  • FreeBSD jail — The FreeBSD jail mechanism is an implementation of operating system level virtualization that allows administrators to partition a FreeBSD based computer system into several independent mini systems called jails .The need for the FreeBSD jails… …   Wikipedia

  • Sysctl — is an interface for examining and dynamically changing parameters in a BSD Unix (or Linux) operating system kernel. Generally, these parameters (identified as objects in a Management Information Base) describe tunable limits such as the size of a …   Wikipedia

  • Sysctl — est une interface qui permet d examiner et de modifier dynamiquement les paramètres des systèmes d exploitation BSD et Linux. L implémentation en est très différente entre les deux systèmes. Sur BSD, ces paramètres sont en général, des objets d… …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”