Only set kern.securelevel=1 if it was not lowered nor bumped by

rc.securelevel,

with deraadt@

1 files changed, 5 insertions, 2 deletions

diff --git a/etc/rc b/etc/rc
index 20be0ffba2a..2bf6c3b5e7a 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-#	$OpenBSD: rc,v 1.431 2014/07/14 09:04:02 deraadt Exp $
+#	$OpenBSD: rc,v 1.432 2014/07/14 09:44:07 ajacoutot Exp $
 
 # System startup script run by init on autoboot
 # or after single-user.
@@ -458,7 +458,10 @@ echo clearing /tmp
 setup_X_sockets
 
 [ -f /etc/rc.securelevel ] && sh /etc/rc.securelevel
-sysctl kern.securelevel=1
+# rc.securelevel did not specifically set -1 or 2, so select the default: 1
+if [ `sysctl -n kern.securelevel` -eq 0 ]; then
+	sysctl kern.securelevel=1
+endif
 
 # patch /etc/motd
 if [ ! -f /etc/motd ]; then