Andrew N. Below wrote: > I also thought about passing control variable from libc > to kernel, but it seems to be bad idea. > > Any other ways? As an idea - maybe you can implement this feature as MAC module? Looks for a mac_check_system_sysctl function. -- WBR, Andrey V. Elsukov