On Wed, Dec 28, 2016 at 12:05:58AM +0000, Roy Marples wrote:
> Can you please explain how the security model was broken?
> 

intention with securelevel is to do less things kernel-side
if it is raised (which, I hope, reduces our attack surface).

I don't think it's worth adding this complexity for better
npfctl warnings (it's just a warning and doesn't change its
behaviour).

If you want, I can modify npfctl not to warn for the EPERM
case. I'm not sure whether that is better.

Reply via email to