Subject: Re: cloning loopback and security [was Re: CVS commit: src/sys ]
To: James Chacon <jmc@NetBSD.org>
From: Jonathan Stone <jonathan@dsg.stanford.edu>
List: tech-kern
Date: 12/09/2004 13:35:21
In message <20041209211640.GA17485@netbsd.org>James Chacon writes
>On Thu, Dec 09, 2004 at 01:05:30PM -0800, Jonathan Stone wrote:

>> Except if you ever want to upgrade, then you may need to lower
>> securelevel. That can get ... exceedingly tricky.
>> 
>
>But you can't lower security level today. If you wanna upgrade it, reboot
>and leave it at a lower security level (i.e. boot from cdrom if need be).
>Obviously nothing we do can solve the physical access problem.

Correct. That's one reason I'm asking for config-time options, too.
And (exactly as for devfs) I'm willing to jump through quite difficult
hoops to get them.  All I ask is that they're available, (even at some
pain) to those who decide they need them.  I'm currently willing to
help do the work and do ongoing testing, too.