From owner-freebsd-stable@FreeBSD.ORG Wed Jul 12 17:35:22 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6A50116A4E0 for ; Wed, 12 Jul 2006 17:35:22 +0000 (UTC) (envelope-from akosiaris@gmail.com) Received: from nz-out-0102.google.com (nz-out-0102.google.com [64.233.162.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 28CF043D58 for ; Wed, 12 Jul 2006 17:35:21 +0000 (GMT) (envelope-from akosiaris@gmail.com) Received: by nz-out-0102.google.com with SMTP id 13so174487nzn for ; Wed, 12 Jul 2006 10:35:20 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=fBy1+cRHZbf5RG4cF3iGBT5DvCXaTakekdaCHefJMj29pNkbBpA5sCT79+g0rturDwMh5COT7fseb11QzjQhvPqyPWYDKHzq1fj5hY9J4Wz0VnwD+HDtQCbdjCJaU0b6UhCeU3WRWMf09yudP2u12J1Rn3ze/EQIxWVuEjQYgxc= Received: by 10.36.74.19 with SMTP id w19mr1194875nza; Wed, 12 Jul 2006 10:35:20 -0700 (PDT) Received: by 10.36.55.20 with HTTP; Wed, 12 Jul 2006 10:35:20 -0700 (PDT) Message-ID: Date: Wed, 12 Jul 2006 20:35:20 +0300 From: "Alexandros Kosiaris" To: "Giorgos Keramidas" In-Reply-To: <20060712141153.GB30855@gothmog.pc> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20060712141153.GB30855@gothmog.pc> Cc: freebsd-current@freebsd.org, freebsd-stable@freebsd.org Subject: Re: Securelevels and /dev/io documentation inconsistency X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 Jul 2006 17:35:22 -0000 > It looks like it does. Would something like this be satisfactory? > > 1 Secure mode - the system immutable and system > append-only flags may not be turned off; disks for > mounted file systems, /dev/mem and /dev/kmem may not be > opened for writing and /dev/io (if your platform has it) > may not be opened at all; kernel modules (see kld(4)) > may not be loaded or unloaded. > > Regards, > Giorgos > Yes it would be. Thank you.