Subject: Re: The reason for securelevel
To: Elad Efrat <elad@NetBSD.org>
From: None <brian@surge.insomnia.org>
List: tech-security
Date: 01/26/2006 15:00:34

On Thu, 26 Jan 2006, Elad Efrat wrote:
> der Mouse wrote:
>> If we want to continue to support reading kern.securelevel, the read
>> routine for it would have to take the minimum of all the relevant
>> variables.  I don't see that as a big deal.
>
> that's exactly the bit i'm still trying to figure out -- it's obvious
> that we keep it for keeping things as they are, and it's obvious we
> get rid of it for having only the per-setting knobs.
>
> however, if we choose to implement the hybrid scheme i described, how
> should kern.securelevel be represented? can it?


What's wrong with keeping the current securelevel integer, but turning it 
into a module scope variable so it can't be evaluated outside of the 
sysctl code?
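
Added example, not part of the original message or of NetBSD's code: a user-space C sketch combining the two ideas in this thread, with the level integers at file scope so only this file can evaluate them, and a legacy kern.securelevel read that returns the minimum over the per-setting knobs. The knob names, the function names, the raise-only rule applied per knob, and the fail-closed answer for an unknown knob are assumptions made for illustration.

```c
/* Added illustration: knob names and semantics are hypothetical, not NetBSD's. */
#include <errno.h>

enum { KNOB_RAWDISK, KNOB_KMEM, KNOB_IMMUTABLE, KNOB_COUNT };

/* File scope ("module scope"): code outside this file cannot name or compare
 * these integers; it can only go through the functions below. */
static int knob_level[KNOB_COUNT];          /* every knob starts at level 0 */

/* Legacy read of kern.securelevel: the minimum over all per-setting knobs,
 * i.e. the level that every subsystem is guaranteed to enforce. */
int securelevel_read(void)
{
    int min = knob_level[0];
    for (int i = 1; i < KNOB_COUNT; i++)
        if (knob_level[i] < min)
            min = knob_level[i];
    return min;
}

/* Raise one knob. Lowering is refused (assumed raise-only rule). */
int knob_raise(int knob, int level)
{
    if (knob < 0 || knob >= KNOB_COUNT)
        return EINVAL;
    if (level < knob_level[knob])
        return EPERM;
    knob_level[knob] = level;
    return 0;
}

/* Legacy write of kern.securelevel: lift every knob that is below the new
 * value; knobs already above it are left alone. */
int securelevel_write(int level)
{
    if (level < securelevel_read())
        return EPERM;
    for (int i = 0; i < KNOB_COUNT; i++)
        if (knob_level[i] < level)
            knob_level[i] = level;
    return 0;
}

/* What other code would call instead of testing "securelevel >= n".
 * An unknown knob is treated as restricted (fail closed). */
int knob_denies(int knob, int threshold)
{
    if (knob < 0 || knob >= KNOB_COUNT)
        return 1;
    return knob_level[knob] >= threshold;
}
```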