Subject: configurable disabling of kernel functions
To: None <>
From: Simon Burge <>
List: tech-kern
Date: 06/15/2000 10:08:36
Un-fleshed out random idea time...

What if we had a mechanism that could disable certain kernel functions
from userland?  Obvious choices initially would be system calls,
filesystems and possibly sysctl nodes.  A case in point was the recent
semconfig problem, where we ended up making semconfig a dummy system
call, but people still needed to recompile kernels - sometimes it's not
convenient to do this right away for a number of reasons (kernel source
not at hand, long running simulation nearly finished, ra ra ra).  I
haven't thought too much about that the interface would be like, but something

	sysctl -w security.syscall.semconfig = 0
	sysctl -w security.vfs.union = 0;


	sysconfig(XXX_SYSCALL, SYS_semconfig, DISABLE);

comes to mind (but with better names!).  We could even have an /etc/rc.d
script set some of these up on boot by parsing a /etc/system type file :)

Seriously, is this worth taking further?