Subject: Re: Sysctls vs. securelevel (was Re: Volunteers to test some kernel
To: None <>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 06/15/1999 14:50:12
>>> Or, there could be a `securelevel' with exactly two states (0 and
>>> 1), where `0' indicates two-way security switch sysctls, and `1'
>>> indicates one-way settings.
>> I think a tri-state secure level is fine (0, 1, 2), but I DO like
>> the idea of one-way sysctls's.
> Well, if the security functionality is based on sysctls, what does a
> tri-state securelevel do?  ;)

Two answers come to mind.

(1) securelevel=0 -> no sysctls are one-way
    securelevel=1 -> security sysctls are one-way
    securelevel=2 -> security sysctls are read-only

(2) securelevel is a write-only sysctl.  Setting it to 1 turns on some
    of the (other) security sysctls; setting it to 2 turns on those
    plus some more.  (The idea is to get more or less the functionality
    of the old securelevel scheme....)

					der Mouse

		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B