Subject: Re: kauth, securelevel, and "run levels"
To: None <tech-kern@netbsd.org>
From: None <joerg@britannica.bec.de>
List: tech-kern
Date: 03/25/2006 20:39:56
On Sat, Mar 25, 2006 at 09:13:03PM +0200, Elad Efrat wrote:
> > 2) We should implement, rather than this confusion of run-level and
> > security-state in init, an ordered set of "run levels" implemented
> > by init and the kernel cooperatively, so that if we're in "run level
> > 0", we know that everything's been killed off and init has started
> > with a fresh slate. Note that this would allow implementing intermediate
> > or higher "run levels". That's important. See point 3.
>
> Same as before, I ask you (or anyone else, for that matter) to provide
> what you think should be the implications of each "run level".
As I understand, you have a list of inactive capabilities (e.g. kmem
access, firewall modification etc.) for each runlevel. The weakest
runlevel would be equal to securelevel=-1, the strongest equal to
securelevel=2. Each runlevel is more restrictive than the former and
init is the only process allowed to switch to a less restrictive
runlevel.
Joerg
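The runlevel model sketched in the reply above (a per-runlevel set of inactive capabilities, ordered so that each level only adds restrictions, with init alone allowed to move to a less restrictive level), written out as a small C model. This is an added example, not code from this thread or from NetBSD's kauth or securelevel implementation. Beyond kmem access and firewall modification, which the message names, the other capability bits, the four-level table, the mapping of level 0 to securelevel=-1 and level 3 to securelevel=2, and the rule that any caller may raise the level while only PID 1 may lower it are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Capabilities a runlevel can switch off. The first two come from the
 * message; the remaining three are assumed here for illustration. */
enum {
    CAP_KMEM_WRITE  = 1u << 0,  /* write access to kernel memory (/dev/kmem) */
    CAP_FW_MODIFY   = 1u << 1,  /* modify firewall rules */
    CAP_RAW_DISK    = 1u << 2,  /* assumed: raw writes to mounted disks */
    CAP_CLEAR_FLAGS = 1u << 3,  /* assumed: clear immutable/append-only flags */
    CAP_LOAD_MODULE = 1u << 4,  /* assumed: load kernel modules */
};

#define RUNLEVEL_MIN 0
#define RUNLEVEL_MAX 3
#define INIT_PID     1

/* Inactive capabilities per runlevel (assumed table). Level 0 mirrors
 * securelevel=-1 (nothing disabled); level 3 mirrors securelevel=2.
 * Each entry must be a superset of the entry before it. */
static const uint32_t runlevel_inactive[RUNLEVEL_MAX + 1] = {
    [0] = 0,
    [1] = CAP_KMEM_WRITE | CAP_LOAD_MODULE,
    [2] = CAP_KMEM_WRITE | CAP_LOAD_MODULE | CAP_CLEAR_FLAGS | CAP_RAW_DISK,
    [3] = CAP_KMEM_WRITE | CAP_LOAD_MODULE | CAP_CLEAR_FLAGS | CAP_RAW_DISK
        | CAP_FW_MODIFY,
};

/* Ordering property: a higher runlevel never re-enables a capability
 * that a lower runlevel already disabled. Worth checking at boot, since
 * a mis-edited table would silently weaken the stronger levels. */
bool runlevel_table_is_monotonic(void)
{
    for (int lvl = RUNLEVEL_MIN + 1; lvl <= RUNLEVEL_MAX; lvl++) {
        uint32_t prev = runlevel_inactive[lvl - 1];
        if ((runlevel_inactive[lvl] & prev) != prev)
            return false;
    }
    return true;
}

/* Is capability `cap` still active at `level`? Unknown levels fail closed. */
bool runlevel_permits(int level, uint32_t cap)
{
    if (level < RUNLEVEL_MIN || level > RUNLEVEL_MAX)
        return false;
    return (runlevel_inactive[level] & cap) == 0;
}

/* May process `pid` move the system from `cur` to `target`?
 * Raising (equal or more restrictive) is allowed for any caller in this
 * model; lowering is reserved for init, as the message requires. */
bool runlevel_switch_allowed(int pid, int cur, int target)
{
    if (cur < RUNLEVEL_MIN || cur > RUNLEVEL_MAX)
        return false;
    if (target < RUNLEVEL_MIN || target > RUNLEVEL_MAX)
        return false;
    if (target >= cur)
        return true;
    return pid == INIT_PID;
}

int main(void)
{
    if (!runlevel_table_is_monotonic()) {
        fprintf(stderr, "runlevel table is not monotonic\n");
        return 1;
    }
    for (int lvl = RUNLEVEL_MIN; lvl <= RUNLEVEL_MAX; lvl++) {
        printf("runlevel %d: kmem=%s fw=%s\n", lvl,
               runlevel_permits(lvl, CAP_KMEM_WRITE) ? "active" : "inactive",
               runlevel_permits(lvl, CAP_FW_MODIFY)  ? "active" : "inactive");
    }
    /* A shell (pid 4711) may raise from 1 to 2 but not lower 2 to 1;
     * init (pid 1) may lower. */
    printf("pid 4711 1->2: %d\n", runlevel_switch_allowed(4711, 1, 2));
    printf("pid 4711 2->1: %d\n", runlevel_switch_allowed(4711, 2, 1));
    printf("pid 1    2->1: %d\n", runlevel_switch_allowed(INIT_PID, 2, 1));
    return 0;
}
```

The point of the separate `runlevel_table_is_monotonic` check is that the "each runlevel is more restrictive than the former" guarantee lives in a table, not in the code, so it should be verified rather than assumed.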