> I looked at where securelevel is used in the kernel and summed it up
> to a list. It's available online at:
> 
> 	http://www.bsd.org.il/netbsd/security.levels
> 
> The format is very clear and simple: for every securelevel 0, 1, 2
> I listed the implications, and divided them to those that affect the
> "TCB" (or, the original intention of securelevel, as it appears in
> The Design and Implementation of 4.4BSD) and other misc. stuff.
> 
> In square brackets listed the kauth(9) scope I suggest. The new scopes
> suggested are "network", "driver", and "machdep".

i think chflags shouldn't be "generic".

can you propose operations and their arguments as well?
to me, it isn't clear how "driver" scope operations will be, for example.

YAMAMOTO Takashi