Only set kern.securelevel=1 if it was not lowered nor bumped by

author ajacoutot <ajacoutot@openbsd.org>

Mon, 14 Jul 2014 09:44:07 +0000 (09:44 +0000)

committer ajacoutot <ajacoutot@openbsd.org>

Mon, 14 Jul 2014 09:44:07 +0000 (09:44 +0000)
author ajacoutot <ajacoutot@openbsd.org>
Mon, 14 Jul 2014 09:44:07 +0000 (09:44 +0000)
committer ajacoutot <ajacoutot@openbsd.org>
Mon, 14 Jul 2014 09:44:07 +0000 (09:44 +0000)
diff --git a/etc/rc b/etc/rc

index 20be0ff..2bf6c3b 100644 (file)
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-#      $OpenBSD: rc,v 1.431 2014/07/14 09:04:02 deraadt Exp $
+#      $OpenBSD: rc,v 1.432 2014/07/14 09:44:07 ajacoutot Exp $
  
  # System startup script run by init on autoboot
  # or after single-user.
@@ -458,7 +458,10 @@ echo clearing /tmp
  setup_X_sockets
  
  [ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel
-sysctl kern.securelevel=1
+# rc.securelevel did not specifically set -1 or 2, so select the default: 1
+if [ `sysctl -n kern.securelevel` -eq 0 ]; then
+       sysctl kern.securelevel=1
+endif
  
  # patch /etc/motd
  if [ ! -f /etc/motd ]; then
author	ajacoutot <ajacoutot@openbsd.org>
	Mon, 14 Jul 2014 09:44:07 +0000 (09:44 +0000)
committer	ajacoutot <ajacoutot@openbsd.org>
	Mon, 14 Jul 2014 09:44:07 +0000 (09:44 +0000)