On Fri, Mar 24, 2006 at 06:42:53PM +0000, Christos Zoulas wrote:
> 
> So under the proposal the old "securelevel" variable will map into a
> list of "capabilities" something like:
> 
> old			new
> --------------------------------------------------------------------------
> securelevel == -1 	mask with all the capabilities allowed 
> securelevel == 0	mask with some capabilities allowed
> securelevel == 1	mask with fewer capabilities allowed
> securelecel == 2	mask with no capabilities allowed
> 
> If we assume that we are currently running at securelevel 1, and
> we add or remove a capability, we'll be in a situation where the
> securelevel variable will still be 1 but this will not match
> the original level 1 mask.
> 
> What does it mean to change the securelevel after that? Do we even
> allow it? Do we have a setting for securelevel that means "custom"?
> I think if we need a "custom" securelevel value then we'll need to
> involve a third variable to indicate this so that LKM's still work.

For compatibility with old LKM (and driver code) I'd suggest that
we'd have the constants MASK_0, MASK_1 and MASK_2 (MASK_-1 is zero).
Whenever the new mask is changed we could do:
	if (mask & MASK_2)
		securelevel = 2;
	else if (mask & MASK_1)
		securelevel = 1;
	else if (mask & MASK_0)
		securelevel = 0;
	else securelevel = -1;
Then code that checks (securelevel > n) will still error out whenever
is should - although a check of the mask itself might allow the request.

	David

-- 
David Laight: david@l8s.co.uk