Add rc.conf option to set kernel security level and modify "/etc/rc" to use this.

Requested by: max, andreas

Note: This change just provides a convenient way to exercise existing
functionality.  Whether `kern.securelevel' is effective in increasing
system security is another issue, and one that has been well thrashed
out in the lists.
Joseph Koshy 1998-06-22 06:34:12 +00:00
parent add4ae9324
commit f3df0653bf
2 changed files with 12 additions and 2 deletions

etc/rc

@ -1,5 +1,5 @@
#!/bin/sh
# $Id: rc,v 1.144 1998/05/26 20:12:45 sos Exp $
# $Id: rc,v 1.145 1998/06/02 11:02:16 phk Exp $
# From: @(#)rc 5.27 (Berkeley) 6/5/91
# System startup script run by init on autoboot
@ -316,5 +316,13 @@ fi
# Do traditional (but rather obsolete) rc.local file if it exists.
[ -f /etc/rc.local ] && sh /etc/rc.local
# Raise kernel security level. This should be done only after `fsck' has
# repaired local file systems if you want the securelevel to be greater than 1.
if [ "X${kern_securelevel_enable}" != X"NO" -a "${kern_securelevel}" -ge 0 ];
then
echo 'Raising kernel security level'
sysctl -w kern.securelevel=${kern_securelevel}
fi
date
exit 0
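
Review bot: In the added `if`, `"${kern_securelevel}" -ge 0` is a numeric comparison on a value taken straight from rc.conf with no check that it is an integer; if it is empty or non-numeric, `[` reports an error at boot and the branch is skipped, so the level is left unraised with only a stray message to show for it. The enable test is an exact match against NO, so `no` or an empty `kern_securelevel_enable` counts as enabled. Consider checking the enable knob first (for example a `case` on YES), validating the level before the `-ge`, and quoting the argument as `sysctl -w kern.securelevel="${kern_securelevel}"`.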


@ -6,7 +6,7 @@
#
# All arguments must be in double or single quotes.
#
# $Id: rc.conf,v 1.50 1998/05/06 17:36:15 andreas Exp $
# $Id: rc.conf,v 1.51 1998/05/12 10:50:46 max Exp $
##############################################################
### Important initial Boot-time options #####################
@ -154,6 +154,8 @@ linux_enable="NO" # Linux emulation loaded at startup (or NO).
rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO).
clear_tmp_enable="NO" # Clear /tmp at startup.
ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths
kern_securelevel_enable="NO" # kernel security level (see init(8)),
kern_securelevel="-1" # range: -1..2 ; `-1' is the most insecure
##############################################################
### Allow local configuration override at the very end here ##
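
Review bot: The two new knobs overlap and the comments do not say how they interact: with the defaults shown, setting `kern_securelevel_enable` to YES on its own has no effect, because `kern_securelevel` stays at -1 and the test in etc/rc requires a value of 0 or more. The comment on `kern_securelevel_enable` also ends in a comma and reads as a fragment continued on the next line. Suggest describing the first knob as the on/off switch and the second as the level applied when enabled, stating that both must be set, and keeping the init(8) pointer.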