Subject: Re: The reason for securelevel
To: None <>
From: Jachym Holecek <>
List: tech-security
Date: 01/28/2006 15:49:57

> > Could we have a single "securelevel" option, that would be either 1 or 0.
> > When it's set to 1 it would parse a configuration file that lists what
> >
> Or better yet, change it from 1/0 to the path of the configuration file.
> And if the path is an empty string, then there is no securelevel in effect.
> + , the kernel should unconditionally protect the securelevel file once
> it is in effect (make it immutable, regardless of flags on the file).

Why should the administrator be prohibited from editing the file
once the policy is in effect (unless that is explicitly asked for)?
That sounds counter-intuitive.

No opinion on the general concept.

	-- Jachym