How to change kernel security level?

My Mac had a kernel security level of 0. Then, I changed the kernel security level to 1.

Here's how I changed it to 1: sysctl kern.securelevel=1

I'd like to change it back to 0 becuase my hosts file has a system immutable flag on it.

This is the code for that- sudo chflags schg /etc/hosts

I'd like to take away the system immutable flag, and that starts with changing the secure level back to 0.

I've tried to boot into single user mode. I shut down my computer and then held down cmd+S when I rebooted. It shows a black screen and white code scrolling across the screen and then went into the regular user selection field. Then, I put in my password to log in and it showed more white code scrolling across the screen and then it logged me in and everything appears normal.

This is related to this

Protect hosts file

Solution 1:

If you have just run sysctl kern.securelevel=1 to change the securelevel, as you have indicated, then you just need to reboot your computer. This way of changing the securelevel is not persistent, so you will be back at securelevel 0 after rebooting, so that you can remove the system immutable flag from the file.

If you have changed for example /etc/sysctl.conf or used some method of ensuring that securelevel is set to 1 at every boot, you could edit that file and then reboot to get back to securelevel 0.

If you just want to temporarily get to securelevel=0 in order to remove the flag from the file, I would suggest booting into Recovery mode by holding down the Command and R keys while booting the Mac. While in Recovery mode, open Terminal and run chflags to remove the flag from the file.