Subject: Re: use of securelevel.
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Manuel BOUYER <>
List: current-users
Date: 06/04/1997 18:10:48
On Jun 4, der Mouse wrote
> I always thought the kernel just knew about negative, zero, and
> positive...or does it just recognize <=0 and >0, with the semantics of
> securelevel==-1 implemented in init?  (I suppose I should just go
> check...)

At last the init man page make a difference between securelevel==1 and
securelevel==2. I didn't check if this is implemented, however ...

> My reaction is, no such level is appropriate.  I don't like the idea of
> having one variable which takes on different levels, with different
> things kicking in at various points - it makes it very hard to turn
> these things on and off individually.  I've found this with debugging
> output in code, for example - I almost always want not a debug level
> which produces more and more output as it's cranked up, but rather a
> number of bits, one for each subsystem.
> In this case, I would prefer to have something like a sysctl variable,
> such that when nonzero, it disallows filter changes; you could either
> have it impossible to change it from nonzero to zero except when
> securelevel is less than 1, or if you don't want to tie it to
> securelevel, then maybe have it take on three states, say 0 (allow
> changes), 1 (no changes, but no other effects), and 2 (no changes, and
> the control variable itself can't be changed either).

What I'd like to see is a by-mask securelevel. Says, a bit which
allows/dissalow disk mount/unmount, a bit to allows/dissalow system flags
change on files, a bit for /dev/mem and friends, a bit for
network configurations (including ip-filter, or perhaps a specific bit for it),
etc. And of course a bit which says if we are allowed to change the
securelevel. If securelevel is an int, whe have 32 bits to play with ...

Manuel Bouyer, LIP6, Universite Paris VI.