Bill Studenmund wrote:

> The one comment I have is in repsponse to the name. I suggest we go with 
> something similar to what FreeBSD has:
> 
>      security.bsd.suser_enabled 	      integer	    yes
>      security.bsd.see_other_uids	      integer	    yes
>      security.bsd.unprivileged_proc_debug     integer	    yes
>      security.bsd.unprivileged_read_msgbuf    integer	    yes
> 
> Obviously we don't have to have all of these nodes. But 
> "security.bsd.see_other_uids" seems about as good as "kern.privacy.proc".

I'd like to have a ``security'' node; but that's about it. :)

> I think it would be appropriate to have one knob control both the process 
> and socket ownership features in your (Elad's) code.

Why? You can have one big knob and multiple smaller knobs so you can
tune privacy the way you want it.

-e.

-- 
Elad Efrat
PGP Key ID: 0x666EB914