Securelevel (original) (raw)

securelevel is a security mechanism in *BSD kernels, which can optionally restrict certain capabilities. Securelevel is controlled by the sysctl variable kern.securelevel. This value is an integer, which when set to a value > 0 enables certain classes of restrictions. Any superuser process can raise securelevel, but only the init process can lower it. When compiled with the option REGRESSION, a new sysctl is added to the FreeBSD kernel that allows the securelevel to be lowered for the purposes of automated regression testing.