From 34edb026e5be2fa9fc11ab1fc42d1637eaddee80 Mon Sep 17 00:00:00 2001
From: elad
Date: Tue, 29 Dec 2009 17:07:17 +0000
Subject: [PATCH] Keep an internal variable indicating whether securelevel is present, and don't blindly try to get/set it. Prevents error messages that don't make sense if securelevel isn't supported by the kernel.
---
 sbin/init/init.c | 43 +++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 41 insertions(+), 2 deletions(-)
diff --git a/sbin/init/init.c b/sbin/init/init.c
index 98fc18139d6b..f57ee0f9a683 100644
--- a/sbin/init/init.c
+++ b/sbin/init/init.c
@@ -1,4 +1,4 @@
-/* $NetBSD: init.c,v 1.99 2009/11/22 18:40:26 mbalmer Exp $ */
+/* $NetBSD: init.c,v 1.100 2009/12/29 17:07:17 elad Exp $ */
 
 /*-
 * Copyright (c) 1991, 1993
@@ -42,7 +42,7 @@ __COPYRIGHT("@(#) Copyright (c) 1991, 1993\
 #if 0
 static char sccsid[] = "@(#)init.c 8.2 (Berkeley) 4/28/95";
 #else
-__RCSID("$NetBSD: init.c,v 1.99 2009/11/22 18:40:26 mbalmer Exp $");
+__RCSID("$NetBSD: init.c,v 1.100 2009/12/29 17:07:17 elad Exp $");
 #endif
 #endif /* not lint */
 
@@ -170,8 +170,10 @@ void collect_child(pid_t, int);
 pid_t start_getty(session_t *);
 void transition_handler(int);
 void alrm_handler(int);
+int has_securelevel(void);
 void setsecuritylevel(int);
 int getsecuritylevel(void);
+int securelevel_present;
 int setupargv(session_t *, struct ttyent *);
 int clang;
 
@@ -324,6 +326,13 @@ main(int argc, char **argv)
 (void)createsysctlnode();
 #endif /* !LETS_GET_SMALL && CHROOT*/
 
+ /*
+ * Securelevel might not be supported by the kernel. Query for it, and
+ * set a variable indicating whether we should attempt anything with it
+ * or not.
+ */
+ securelevel_present = has_securelevel();
+
 /*
 * Start the state machine.
 */
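Review bot: The probe added to main() runs once, before the state machine starts, and its result is never refreshed, so if securelevel support becomes available after boot (for instance from a loadable module, which this patch does not show) init would keep skipping it. The absence is also silent: nothing is logged when securelevel_present ends up 0, and the early return added to setsecuritylevel() in the last hunk then skips raising the level without any trace. Since securelevel is a security control, consider logging one line here when the probe returns 0, so an operator who expects enforcement can see it is not in effect. The comment could also gain a line such as `* The result is cached; init does not probe again later.`. The body of main() continues outside the hunk.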
@@ -480,6 +489,30 @@ disaster(int sig)
 _exit(sig); /* reboot */
 }
 
+/*
+ * Check if securelevel is present.
+ */
+int
+has_securelevel(void)
+{
+#ifdef KERN_SECURELVL
+ int name[2], curlevel;
+ size_t len;
+
+ name[0] = CTL_KERN;
+ name[1] = KERN_SECURELVL;
+ len = sizeof curlevel;
+ if (sysctl(name, 2, &curlevel, &len, NULL, 0) == -1) {
+ /* If it doesn't exist, it's okay. */
+ if (errno == ENOENT)
+ return 0;
+ }
+ return 1;
+#else
+ return 0;
+#endif
+}
+
 /*
 * Get the security level of the kernel.
 */
@@ -490,6 +523,9 @@ getsecuritylevel(void)
 int name[2], curlevel;
 size_t len;
 
+ if (!securelevel_present)
+ return -1;
+
 name[0] = CTL_KERN;
 name[1] = KERN_SECURELVL;
 len = sizeof curlevel;
@@ -512,6 +548,9 @@ setsecuritylevel(int newlevel)
 #ifdef KERN_SECURELVL
 int name[2], curlevel;
 
+ if (!securelevel_present)
+ return;
+
 curlevel = getsecuritylevel();
 if (newlevel == curlevel)
 return;
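Review bot: In has_securelevel(), every sysctl() failure other than ENOENT falls through to `return 1`, so a kernel that rejects the query for some other reason is treated as having securelevel. That looks intentional, since the later get/set calls would then report the real error, but nothing in the code says so and the nested `if` hides it. The test could be flattened to `if (sysctl(name, 2, &curlevel, &len, NULL, 0) == -1 && errno == ENOENT)` followed by `return 0;`. A comment such as `/* Any other failure: assume present so later get/set calls report the real error. */` would record the intent.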
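Review bot: The `return -1;` added at the top of getsecuritylevel() reuses a value that is itself a valid securelevel on NetBSD (-1, the permanently insecure mode), so a caller cannot tell "not supported by this kernel" from "explicitly insecure". The callers are outside this hunk, so whether any of them needs that distinction is not visible here; if they only compare against 0 and above the overlap is harmless, but the contract should be written down. A comment above the check such as `/* No securelevel support: return -1 (same value as insecure mode) rather than querying. */` would do. The function body starts and ends outside the hunk.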