From owner-freebsd-hackers  Mon May 21 15:40:25 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
	by hub.freebsd.org (Postfix) with SMTP
	id 1E9C037B43C; Mon, 21 May 2001 15:40:23 -0700 (PDT)
	(envelope-from dwmalone@maths.tcd.ie)
Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP
          id <aa68173@salmon>; 21 May 2001 23:40:22 +0100 (BST)
To: Mike Smith <msmith@FreeBSD.ORG>
Cc: Warner Losh <imp@harmony.village.org>,
	Jon Parise <jon@csh.rit.edu>, freebsd-hackers@FreeBSD.ORG
Subject: Re: sysctl to disable reboot 
In-reply-to: Your message of "Mon, 21 May 2001 15:45:23 PDT."
             <200105212245.f4LMjN903195@mass.dis.org> 
X-Request-Do: 
Date: Mon, 21 May 2001 23:40:22 +0100
From: David Malone <dwmalone@maths.tcd.ie>
Message-ID:  <200105212340.aa68173@salmon.maths.tcd.ie>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

> That's a good point.  A more sophisticated sysctl again would be one that 
> would prevent the loading of a new keymap which enabled rebooting where 
> the previous one did not.

> cons.keymap.protected perhaps?

I could impliment a cons.keymap.securelevel which did:

	0: Anyone can change the keymap.
	1: Only root can change keys with effects like reboot, panic, ...
	2: Only root can make any change to the keymap.

Or would that be overkill? (The name is certainly a bit silly ;-)

	David.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message