Bill Studenmund wrote:

> The 
> problem I see with (a) is that it's easy to map a securelevel set request 
> (sysctl -w kern.securelevel=foo) to a bitmap, it's not so easy to do the 
> opposite. Since we don't know exactly what aspect of securelevel the LKM 
> is interested in, it's hard to say what securelevel a given LKM should 
> see.

Yes, this is certainly an issue I'm worried about as well... if we do go
the "reverse mapping" route, we should set the securelevel variable
depending on the knob bit in the mask belonging to the highest
securelevel.

> So my suggestion is to make LKMs change. Include a quick description of 
> how to change them (the define you gave was good) and a mapping of what 
> you can find now (if you were interested in making sure ioctl's could 
> happen, you make this call. If you are interested in the ability to access 
> devices when others are busy, you make that call).

I'll do that anyway, but the decision of requiring LKMs to change is not
one that I can make. :) I am just suggesting possible solutions that we
can use regardless of what we decide to do.

-e.

-- 
Elad Efrat