From a4edcf8989d18df5a070a25013d012a69e25f9ac Mon Sep 17 00:00:00 2001
From: KATO Takenori <kato@FreeBSD.org>
Date: Mon, 6 Sep 1999 08:41:32 +0000
Subject: [PATCH] FreeBSD kernel doesn't allow any process to decrease
 securelevel. So, init(8) cannot decrease securelevel.  The manual page
 explains this and single_user() doesn't try to downgrade kernel to insecure
 mode.

Reviewed by:	bde (manual page)
---
 sbin/init/init.8 | 3 +--
 sbin/init/init.c | 6 ------
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/sbin/init/init.8 b/sbin/init/init.8
index e7aa9acd7f44..d779c0e6f831 100644
--- a/sbin/init/init.8
+++ b/sbin/init/init.8
@@ -92,8 +92,7 @@ is marked as
 .Dq secure .
 .Pp
 The kernel runs with four different levels of security.
-Any super-user process can raise the security level, but only 
-.Nm
+Any super-user process can raise the security level, but no process
 can lower it.
 The security levels are:
 .Bl -tag -width flag
diff --git a/sbin/init/init.c b/sbin/init/init.c
index 0e870939f15b..75287b5d4e4c 100644
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@@ -623,12 +623,6 @@ single_user()
 	char altshell[128];
 #endif
 
-	/*
-	 * If the kernel is in secure mode, downgrade it to insecure mode.
-	 */
-	if (getsecuritylevel() > 0)
-		setsecuritylevel(0);
-
 	if (Reboot) {
 		/* Instead of going single user, let's reboot the machine */
 		sync();