Jeff Jirsa wrote:
> I've noticed that currently, violations of securelevel are aborted, but not
> typically logged. It seems like in addition to aborting whichever calls are
> in progress, logging an error might be beneficial. I recognize that this
> goes along the same lines as logging file permission errors, but if a file
> is marked immutable, the implicit value of the file should suggest that one
> might want to be able to audit attempted changes to that file.

I think this would be useful, but I would be concerned about the rate at
which these messages could come when someone is actively attacking a system.
Perhaps such messages could go through a rate limiter mechanism similar to
that now used by the network interfaces.

I am not certain whether this addition would affect the TrustedBSD work,
either.

Guy Helmer
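
The rate limiting suggested above, as an added example that is not part of the original message and is not FreeBSD kernel code: a user-space C sketch that caps securelevel-violation log lines per second and reports how many were suppressed, so the audit trail still shows the volume of attempts. The struct, function names, log text, path and the cap of 5 lines per second are all hypothetical.

```c
#include <stdio.h>

/* Hypothetical limiter state for securelevel-violation log messages. */
struct seclog_rl {
    long window;             /* second in which the current window began */
    int logged, max_per_sec; /* lines emitted this window / cap per second */
    unsigned long dropped;   /* lines suppressed this window */
};

/* Returns 1 if a line may be logged at `now` (seconds). On a new window,
 * *carried gets the prior window's suppressed count for a summary line. */
static int seclog_allow(struct seclog_rl *rl, long now, unsigned long *carried)
{
    *carried = 0;
    if (now != rl->window) {
        *carried = rl->dropped;
        rl->window = now;
        rl->logged = 0;
        rl->dropped = 0;
    }
    if (rl->logged < rl->max_per_sec) {
        rl->logged++;
        return 1;
    }
    rl->dropped++;
    return 0;
}

/* Feed n denied writes at time `now`; return the number of lines emitted. */
static int seclog_burst(struct seclog_rl *rl, long now, int n, const char *path)
{
    int emitted = 0;
    unsigned long carried;
    for (int i = 0; i < n; i++) {
        int ok = seclog_allow(rl, now, &carried);
        if (carried)
            emitted += printf("securelevel: %lu messages suppressed\n", carried) > 0;
        if (ok)
            emitted += printf("securelevel: denied change to %s\n", path) > 0;
    }
    return emitted;
}

int main(void)
{
    struct seclog_rl rl = { 0, 0, 5, 0 };   /* constructed: cap of 5 lines/sec */
    seclog_burst(&rl, 100, 1000, "/constructed/immutable.file");
    seclog_burst(&rl, 101, 1, "/constructed/immutable.file");
    return 0;
}
```

A burst of 1000 violations in one second produces five log lines; the next violation in a later second first emits the summary of the 995 that were suppressed.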

