> But the main question I have about this is: how does fsck get exempted > from this? It opens the device for writing, after all. securelevel < 0 when fsck runs in /etc/rc. um.. only if you set it to a negative number. securelevel == 0 when /etc/rc runs.