Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: None <tech-security@netbsd.org, tech-kern@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 10/24/2000 15:58:57
On Tue, Oct 24, 2000 at 09:31:54PM +0200, Manuel Bouyer wrote:
> On Tue, Oct 24, 2000 at 01:36:47PM -0400, Thor Lancelot Simon wrote:
> > I don't at all understand what's "theoretical" about this, or what
> > enhancements would be required.  The policy enforced at securelevel
> > 2 was designed and implemented *specifically* for this purpose and
> > AFAICT works fine.  If you don't understand how to use it to achieve your
> > goal, I suggest that you really shouldn't be tinkering with the system's
> > security model.
> 
> No, actually this is not flexible enough. We want finer-grained control
> over what's allowed and what's not.

It is certainly flexible enough for what Jon said he wanted to do.  Since
you haven't indicated what you want to do, it's pretty hard to tell if new
functionality is required or not.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
	the effort to perceive simply the cruel radiance of what is