Chris Evans (
Sat, 24 Jan 1998 23:25:49 +0000 (GMT)


I see some securelevel stuff is heading into the kernel. Can I recommend
we make securelevel a bitmap sooner rather than later? I think the
linux-privs project initiated the idea. I wrote a silly little proof of
concept patch to implement securelevel on top of linux-privs. It is
archived on, and it might be worthwhile looking at it to

1) Stuff in need of protecting it might be easy to forget.
2) A suggestion of some typical bit definitions we might have.

The "securelevel > 0" is a bit coarse grained; maybe an admin might want
to make it hard to fire up a packet sniffer by disabling promisc. mode,
but not also want the anal protection of raw block devices required to
protect immutable files and the like.