Subject: Re: The reason for securelevel
To: Elad Efrat <elad@NetBSD.org>
From: None <brian@surge.insomnia.org>
List: tech-kern
Date: 01/26/2006 15:00:34
On Thu, 26 Jan 2006, Elad Efrat wrote:
> der Mouse wrote:
>> If we want to continue to support reading kern.securelevel, the read
>> routine for it would have to take the minimum of all the relevant
>> variables. I don't see that as a big deal.
>
> that's exactly the bit i'm still trying to figure out -- it's obvious
> that we keep it for keeping things as they are, and it's obvious we
> get rid of it for having only the per-setting knobs.
>
> however, if we choose to implement the hybrid scheme i described, how
> should kern.securelevel be represented? can it?
What's wrong with keeping the current securelevel integer, but turning it
into a module scope variable so it can't be evaluated outside of the
sysctl code?