Subject: Re: Sysctls vs. securelevel (was Re: Volunteers to test some kernel code...)
To: Todd Vierling <tv@pobox.com>
From: Bill Studenmund <wrstuden@nas.nasa.gov>
List: tech-kern
Date: 06/15/1999 11:05:30

On Tue, 15 Jun 1999, Todd Vierling wrote:

> This brings up an interesting point.  We probably should take features like
> this and make them one-way sysctls, so that there isn't too much assumed
> about what's in a `securelevel'.  In fact, I'd venture to suggest that much
> of the current `securelevel' functionality would be better implemented by
> sysctls that are one-way settings (reset only at reboot).
> 
> Or, there could be a `securelevel' with exactly two states (0 and 1), where
> `0' indicates two-way security switch sysctls, and `1' indicates one-way
> settings.

I think a tri-state secure level is fine (0, 1, 2), but I DO like the idea
of one-way sysctls. Well, I REALLY like the idea of splitting a lot of
the functionality into sysctls so a sysadmin can better fine-tune the
settings.

Take care,

Bill
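
The two-state proposal quoted above, as a userland C model added here for illustration (not part of the original message and not NetBSD kernel code). The switch names and the functions `knob_set`, `knob_get` and `securelevel_set` are hypothetical, and the rule that `securelevel` itself can only be raised until reboot is an assumption of this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: switch names are hypothetical, not NetBSD sysctl names. */
struct sec_knob { const char *name; int value; };   /* 1 = protection on */

static struct sec_knob knobs[] = {
    { "security.immutable_files", 0 },
    { "security.raw_disk_readonly", 0 },
};
static int securelevel = 0;   /* 0: switches are two-way, 1: one-way */

static struct sec_knob *knob_find(const char *name)
{
    for (size_t i = 0; i < sizeof(knobs) / sizeof(knobs[0]); i++)
        if (strcmp(knobs[i].name, name) == 0)
            return &knobs[i];
    return NULL;
}

/* Set a switch. Returns 0 on success, else ENOENT, EINVAL or EPERM. */
int knob_set(const char *name, int newval)
{
    struct sec_knob *k = knob_find(name);
    if (k == NULL) return ENOENT;
    if (newval != 0 && newval != 1) return EINVAL;
    /* One-way mode: a switch may be turned on but never back off. */
    if (securelevel == 1 && newval < k->value) return EPERM;
    k->value = newval;
    return 0;
}

/* Read a switch; returns -1 for an unknown name. */
int knob_get(const char *name)
{
    struct sec_knob *k = knob_find(name);
    return k ? k->value : -1;
}

/* Assumption of this sketch: securelevel only rises until "reboot". */
int securelevel_set(int newval)
{
    if (newval != 0 && newval != 1) return EINVAL;
    if (newval < securelevel) return EPERM;
    securelevel = newval;
    return 0;
}

int main(void)
{
    knob_set("security.immutable_files", 1);
    securelevel_set(1);
    printf("clear after lock: %s\n",
           strerror(knob_set("security.immutable_files", 0)));
    return 0;
}
```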