> Ulrich Windl writes:
> > Currently root can't change the securelevel; I'm afraid nobody can.
> > What about a way to "secure the securelevel"; that way root could
> > secure it, and then nobody could change it.
>
> Mind if I ask why this is needed?
>
> This is a real question: why can't the machine just be brought up at
> the right securelevel and be done with it? If it comes multiuser up
> at the wrong secure level isn't that a security problem in and of
> itself?
For those who think they'll need it, they can put it in their init
scripts (if it would work, of course), and those who don't care,
would not have to care.
>
> Or is there something that needs to be done during boot up that can't
> be done at the intended securelevel? [This would seem to indicate a
> flawed security model or flawed hardware.]
Currently my init does not set the securelevel, and I can't set it
either; that's what my message is about.
Why not allowing to set the securelevel by root as often as he/she
likes, until the securelevel is "fixed/frozen/secured"?
>
> --
> Raul
Ulrich