Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: Thor Lancelot Simon <>
From: Jon Lindgren <>
List: tech-kern
Date: 10/24/2000 16:29:35
On Tue, 24 Oct 2000, Thor Lancelot Simon wrote:

> > > I don't at all understand what's "theoretical" about this, or what
> > > enhancements would be rquired.  The policy enforced at securelevel 
> > > 2 was designed and implemented *specifically* for this purpose and
> > > AFAICT works fine.  If you don't understand how to use it to achieve your
> > > goal, I suggest that you really shouldn't be tinkering with the system's
> > > security model.
> > 
> > No, actually this is not flexible enouth. We want finer-grained control
> > over what's allowed and what's not.
> It is certainly flexible enough for what Jon said he wanted to do.  Since
> you haven't indicated what you want to do, it's pretty hard to tell if new
> functionality is required or not.

I think it may be, but finer grained control is always nice as long as
1) it doesn't make things messy, and 2) it benefits the project as a
whole.  I don't think it would make sense for the majority of situations,
but it may be a neat feature.  It's for people who know a lot more than I
to decide...

I still have yet to check securelevel 2, tho - it may be exactly what I
need, or it may lack.

 "Trout are freshwater fish, and have underwater weapons."
 "Zing, zing zing zing!"
 "Keep away from the trout."
 -- The opinions expressed are not necesarily those of my employer --
 "Who stole my lawn?"