Securelevel Explained

securelevel is a security mechanism in *BSD kernels, which can optionally restrict certain capabilities. Securelevel is controlled by the sysctl variable kern.securelevel. This value is an integer, which when set to a value > 0 enables certain classes of restrictions. Any superuser process can raise securelevel, but only the init process can lower it.

When used with FreeBSD jails, each jail maintains its own securelevel in addition to the global securelevel. When evaluated, the higher of the two securelevels will be used. This allows the host environment to run at a lower securelevel than jails, so that it can manipulate file flags that the jails may not be able to manipulate.

When compiled with the option REGRESSION, a new sysctl is added to the FreeBSD kernel that allows the securelevel to be lowered for the purposes of automated regression testing.

Definitions

On OpenBSD the securelevels are defined as follows:[1]

External links

Notes and References

  1. Web site: SECURELEVEL(7). OpenBSD manual pages.