Only set kern.securelevel=1 if it was not lowered nor bumped by

rc.securelevel, with deraadt@
author: ajacoutot <ajacoutot@openbsd.org> 2014-07-14 09:44:07 +0000
committer: ajacoutot <ajacoutot@openbsd.org> 2014-07-14 09:44:07 +0000
commit: 07f21ec83e96e423fe189973a5a7137e35826b22 (patch)
tree: 6c38e9696baaede3c153141ae422a0579150f2ad
parent: Consistency. (diff)
download: wireguard-openbsd-07f21ec83e96e423fe189973a5a7137e35826b22.tar.xz
wireguard-openbsd-07f21ec83e96e423fe189973a5a7137e35826b22.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/etc/rc b/etc/rc
index 20be0ffba2a..2bf6c3b5e7a 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.431 2014/07/14 09:04:02 deraadt Exp $
+#	$OpenBSD: rc,v 1.432 2014/07/14 09:44:07 ajacoutot Exp $
 
 # System startup script run by init on autoboot
 # or after single-user.
@@ -458,7 +458,10 @@ echo clearing /tmp
 setup_X_sockets
 
 [ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel
-sysctl kern.securelevel=1
+# rc.securelevel did not specifically set -1 or 2, so select the default: 1
+if [ `sysctl -n kern.securelevel` -eq 0 ]; then
+	sysctl kern.securelevel=1
+endif
 
 # patch /etc/motd
 if [ ! -f /etc/motd ]; then
author	ajacoutot <ajacoutot@openbsd.org>	2014-07-14 09:44:07 +0000
committer	ajacoutot <ajacoutot@openbsd.org>	2014-07-14 09:44:07 +0000
commit	07f21ec83e96e423fe189973a5a7137e35826b22 (patch)
tree	6c38e9696baaede3c153141ae422a0579150f2ad
parent	Consistency. (diff)
download	wireguard-openbsd-07f21ec83e96e423fe189973a5a7137e35826b22.tar.xz wireguard-openbsd-07f21ec83e96e423fe189973a5a7137e35826b22.zip