From 07f21ec83e96e423fe189973a5a7137e35826b22 Mon Sep 17 00:00:00 2001
From: ajacoutot
Date: Mon, 14 Jul 2014 09:44:07 +0000
Subject: [PATCH] Only set kern.securelevel=1 if it was not lowered nor bumped by rc.securelevel, with deraadt@
---
 etc/rc | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/etc/rc b/etc/rc
index 20be0ffba2a..2bf6c3b5e7a 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.431 2014/07/14 09:04:02 deraadt Exp $
+# $OpenBSD: rc,v 1.432 2014/07/14 09:44:07 ajacoutot Exp $
 # System startup script run by init on autoboot
 # or after single-user.
@@ -458,7 +458,10 @@ echo clearing /tmp
 setup_X_sockets
 [ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel
-sysctl kern.securelevel=1
+# rc.securelevel did not specifically set -1 or 2, so select the default: 1
+if [ `sysctl -n kern.securelevel` -eq 0 ]; then
+ sysctl kern.securelevel=1
+endif
 # patch /etc/motd
 if [ ! -f /etc/motd ]; then
--
2.20.1
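Review bot: The new conditional in the second hunk is closed with `endif`, which is not an sh keyword; the `+endif` line should read `fi`. As written, `endif` is parsed as an ordinary command inside the `if` body and the block is never terminated, so the remainder of /etc/rc is likely to be absorbed into it or rejected as a syntax error, and the boot may finish with kern.securelevel still at 0. The test also fails open: with the unquoted backticks, a failed or empty `sysctl -n` leaves `[ -eq 0 ]`, which errors and skips the assignment; quoting the substitution, `if [ "$(sysctl -n kern.securelevel)" -eq 0 ]; then`, at least keeps the test well-formed. Running `sh -n /etc/rc` before committing would catch the unterminated block.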