Subject: Re: r/o filesystem restrictions for firewall?
To: Simon Burge <simonb@wasabisystems.com>
From: Andrew Brown <atatat@atatdot.net>
List: port-sparc
Date: 10/24/2000 10:40:20

>> theoretical secure level three? ie:
>>
>> no mounting or unmounting of filesystems...
>> no loading of ipf or ipnat rules...
>> no interface or route changes...
>> no opening disk devices, either character or block...
>> no time changes at all... (hmm...ntpd...after all, we want good time)
>> no setuid() calls or suid effect on programs...
>
>We really want a feature mask (or probably better a security sysctl
>MIB with separate knobs to disable these one by one), not an arbitrary
>"level".

part of the security sysctl mib would have to be a knob that sets the
entire sysctl mib into read-only mode as well.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."