Adding the functionality to mtree sounds like a good idea.

However, we need to think carefully before we put those flags into our
distribution files. Order of operations will be critical if we go this
route: once you set schg, you can't do anything else to that file unless
you go single-user and undo it.

We may need to have a flag or other indicator for whether to "lock-down"
the system in that way after installation, and whether the lock-down should
be default or not.

The real question here is: how often do system programs get changed in
between releases? If we make them immutable, we'll find out quickly, the
hard way.

	merely advising caution,

	Erik <fair@clock.org>