Prevent modification of rules from securelevel 1
We would like to forbid any modification to the ruleset, as soon as the securelevel reaches 1.
With the current implementation (see https://git.hardenedbsd.org/hardenedbsd/secadm/-/blob/730801e051409d9a7382d5cab632557db3ee8f8a/kmod/secadm_sysctl.c):
- from securelevel 1, operations 'del', 'enable' and 'disable' are forbidden
- from securelevel 2, operations 'flush', 'load' and 'add' are forbidden
So, for instance, the 'del' operation is not allowed with securelevel set to 1. But this can be circumvented: reloading a full ruleset with just one rule removed will have the same end result.
Would it be possible to simplify this policy so that all operations are forbidden as soon as the securelevel is set to 1?
Edited by CyberSecurity Airbus
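The following is an added user-space model of the two policies compared in this issue (the current per-operation thresholds versus the proposed "everything frozen from securelevel 1"). It is not secadm's code and does not touch the kernel module; the operation names mirror the sysctl operations listed above, but every identifier (policy_current, policy_proposed, ruleset_del, ruleset_reload, rule_can_be_removed) is hypothetical, and the three-rule set is constructed for the demonstration. It makes the gap concrete: under the current thresholds a rule that cannot be deleted at securelevel 1 can still disappear through flush plus load, and the proposed policy is the minimal change that closes that route.

```c
/*
 * Added example, not part of secadm: a user-space model of the securelevel
 * gating described in the issue. Identifiers are hypothetical; the real
 * checks live in kmod/secadm_sysctl.c.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum secadm_op { OP_ADD, OP_DEL, OP_ENABLE, OP_DISABLE, OP_FLUSH, OP_LOAD };

typedef bool (*policy_fn)(int securelevel, enum secadm_op op);

/* Current policy as described in the issue: del/enable/disable are refused
 * from securelevel 1, flush/load/add only from securelevel 2. */
static bool policy_current(int securelevel, enum secadm_op op)
{
    switch (op) {
    case OP_DEL: case OP_ENABLE: case OP_DISABLE:
        return securelevel < 1;
    case OP_FLUSH: case OP_LOAD: case OP_ADD:
        return securelevel < 2;
    }
    return false;
}

/* Proposed policy: no ruleset operation at all once securelevel >= 1. */
static bool policy_proposed(int securelevel, enum secadm_op op)
{
    (void)op;
    return securelevel < 1;
}

#define MAX_RULES 8
struct ruleset { int ids[MAX_RULES]; int n; };

/* Single-rule removal, gated by the policy's OP_DEL decision. */
static bool ruleset_del(struct ruleset *rs, int id, int securelevel, policy_fn pol)
{
    if (!pol(securelevel, OP_DEL))
        return false;
    for (int i = 0; i < rs->n; i++) {
        if (rs->ids[i] == id) {
            memmove(&rs->ids[i], &rs->ids[i + 1],
                    (size_t)(rs->n - i - 1) * sizeof rs->ids[0]);
            rs->n--;
            return true;
        }
    }
    return false;
}

/* Full reload: a flush followed by a load of a caller-supplied ruleset.
 * Both steps must pass the policy. */
static bool ruleset_reload(struct ruleset *rs, const struct ruleset *newrs,
                           int securelevel, policy_fn pol)
{
    if (!pol(securelevel, OP_FLUSH) || !pol(securelevel, OP_LOAD))
        return false;
    *rs = *newrs;
    return true;
}

/* Starting from a constructed 3-rule set {1,2,3}, report whether rule `id`
 * can end up gone under `pol` at `securelevel`, either by a direct 'del' or
 * by reloading the same set with that one rule omitted. */
static bool rule_can_be_removed(int securelevel, policy_fn pol, int id)
{
    struct ruleset rs = { {1, 2, 3}, 3 };
    if (ruleset_del(&rs, id, securelevel, pol))
        return true;
    struct ruleset without = { {0}, 0 };
    for (int i = 0; i < rs.n; i++)
        if (rs.ids[i] != id)
            without.ids[without.n++] = rs.ids[i];
    return ruleset_reload(&rs, &without, securelevel, pol) && rs.n == 2;
}

int main(void)
{
    for (int lvl = 0; lvl <= 2; lvl++) {
        printf("securelevel %d: rule 2 removable? current=%s proposed=%s\n", lvl,
               rule_can_be_removed(lvl, policy_current, 2) ? "yes" : "no",
               rule_can_be_removed(lvl, policy_proposed, 2) ? "yes" : "no");
    }
    return 0;
}
```

The interesting row is securelevel 1: the current policy refuses the direct 'del' yet still lets the reload route succeed, so the ruleset is not actually frozen there; the proposed policy answers "no" for every route from securelevel 1 onward, which is the property the issue asks for. When reviewing the real sysctl handler, the check to apply is the same one this model encodes: every operation that can change the loaded set, including flush and load, must share the strictest threshold.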