In message <[EMAIL PROTECTED]> Sheldon Hearn writes: : I have a feeling it'll be time soon enough for us to make each of the : decisions that is normally affected by securelevel dependant on the : value of sysctl knobs. Presumeably one or more of them would be : "write-once" knobs. :-) Yes. That's what I favor. : How much existing software tests for kern.securelevel? And could we : make its value dependant on the new knobs? I can't see it being too big : a problem. I don't think we should eliminate secure levels. However, I think at high secure levels, one can no longer change the value of some sysctls. Ideally, each sysctl would have the highest level that it can be changed at encoded into it. Less ideally, there would be a flag bit that said that it can't be change at secure levels > 0. Warner To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
- Re: securelevel and ipfw zero Julian Elischer
- Re: securelevel and ipfw zero Nate Williams
- Re: securelevel and ipfw zero Achim Patzner
- Re: securelevel and ipfw zero Nate Williams
- Re: securelevel and ipfw zero Joe Greco
- Re: securelevel and ipfw zero Nate Williams
- Re: securelevel and ipfw zero Joe Greco
- Re: securelevel and ipfw zero Matthew Dillon
- securelevel too course-grained? Sheldon Hearn
- Re: securelevel too course-grained? Matthew Dillon
- Re: securelevel and ipfw zero Warner Losh
- Re: securelevel and ipfw zero Mike Pritchard
- Re: securelevel and ipfw zero Matthew Dillon
- Re: securelevel and ipfw zero Nate Williams
- Re: securelevel and ipfw zero Matthew Dillon
- Re: securelevel and ipfw zero Nate Williams
- Re: securelevel and ipfw zero Joe Greco
- Re: securelevel and ipfw zero Nate Williams
- Re: securelevel and ipfw zero Achim Patzner
- Re: securelevel and ipfw zero Nate Williams
- Re: securelevel and ipfw zero Joe Greco
