On Thu, Feb 09, 2006 at 05:51:26PM +0000, vishal butte wrote:
> 
>   please tell me the file name where the code for loading the database is present.
>

depends what you mean by this.  the loader is in:

src/sbin/veriexecctl

the pseudo device is in

src/sys/dev/verified_exec.c
    
> 
>   who can raise the securelevel.....i mean dose only administrator
> is allowed to raise the level ?

Only root can raise securelevel

>   i am confused about ..."normal boot process..."  if only administrator  is allowed to raise the securelevel then how to authenticate him during 
>   " normal boot process .."

the boot process is run as the root user.

>    
>   1) " hash of file can be added into the database only in securelevel 0."
>   that means the database file could be tampered only in securelevel
>   0 by some users other than administrator.

No - only root is allowed to load the hashes.

>   then how to secure the databse file in securelevel 0 ?
>

Make sure the console is physically secure.
    
>   2)  Can i check the contents of  in-kernel data structure ?
>   Is that implemented in /proc ?
>    

No - that facility is not available.

-- 
Brett Lymn