In message <87126.933053...@axl.noc.iafrica.com> Sheldon Hearn writes: : I have a feeling it'll be time soon enough for us to make each of the : decisions that is normally affected by securelevel dependant on the : value of sysctl knobs. Presumeably one or more of them would be : "write-once" knobs. :-)
Yes. That's what I favor. : How much existing software tests for kern.securelevel? And could we : make its value dependant on the new knobs? I can't see it being too big : a problem. I don't think we should eliminate secure levels. However, I think at high secure levels, one can no longer change the value of some sysctls. Ideally, each sysctl would have the highest level that it can be changed at encoded into it. Less ideally, there would be a flag bit that said that it can't be change at secure levels > 0. Warner To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message
