Kernel-3.10.0-957.el7_securelevel

Linux securelevel interface

The Linux securelevel interface (inspired by the BSD securelevel interface)
is a runtime mechanism for configuring coarse-grained kernel-level security
restrictions. It provides a runtime configuration variable at
/sys/kernel/security/securelevel which can be written to by root. The
following values are supported:

-1: Permanently insecure mode. This level is equivalent to level 0, but once
set cannot be changed.

0: Insecure mode (default). This level imposes no additional kernel
restrictions.

1: Secure mode. If set, userspace will be unable to perform direct access
to PCI devices, port IO access, access system memory directly via
/dev/mem and /dev/kmem, perform kexec_load(), use the userspace
software suspend mechanism, insert new ACPI code at runtime via the
custom_method interface or modify CPU MSRs (on x86). Certain drivers
may also limit additional interfaces.

Once the securelevel value is increased, it may not be decreased.