TCB (Trusted Computing Base) is a technique for locking down your system with securelevel and immutable files. It's documented in secmodel_securelevel(9).
I recently played with it and I had some minor issues which I'd like to report: - secmodel_securelevel.9 is in comp.tgz which isn't always available on a server, - restore(8) complains about immutable hard links (e.g. when /netbsd and /onetbsd are two hardlinks of the same kernel), - daily mail sends me errors: cp: /var/backups//etc/ssh/ssh_config.current: Operation not permitted ci: /var/backups//etc/ssh/ssh_config.current: Operation not permitted co: /var/backups//etc/ssh/ssh_config.current: Operation not permitted co: see /var/backups//etc/ssh/_1WS1s8D chown: /var/backups//etc/ssh/ssh_config.current: Operation not permitted -- Alex