Securelevel


securelevel is a security mechanism in *BSD kernels, which can optionally restrict certain capabilities. Securelevel is controlled by a sysctl variable kern.securelevel. This value is an integer, which set to a value > 0 enables certain class of restrictions. Any superuser process can raise securelevel, but only init process can lower it.
When used with FreeBSD jails, each jail maintains its own securelevel in addition to the global securelevel. When evaluated, the higher of the two securelevels will be used. This allows the host environment to run at a lower securelevel than jails, so that it can manipulate file flags that the jails may not be able to.
When compiled with options REGRESSION, a new sysctl is added to the FreeBSD kernel that allows the securelevel to be lowered for the purposes of automated regression testing.
Securelevel is not to be confused with runlevel.

Definitions

On OpenBSD the securelevels are defined as follows: