# priv.conf - private module configuration  
#
# structure:
#
# (LEVEL_ID) 
#       ENTRY
#       ..
# END_MARK
#
##############################
#
# LEVEL_ID := NUMBER > 0
# ENTRY := { file_nowrite = LIST | ptrace_lock = SWITCH | 
#	    module_lock = SWITCH | mount_rw = SWITCH | settime_lock = SWITCH }
#
# LIST := ELEMENT,ELEMENT...
# SWITCH := [ allow | deny ]
# END_MARK := end
#

(1)
file_nowrite = /etc/shadow, /etc/passwd
end

(2)
module_lock = deny 
ptrace_lock = deny
file_nowrite = /etc/shadow, /etc/passwd, /dev/mem, /dev/kmem
end

(3)
module_lock = deny
ptrace_lock = deny
mount_rw = deny
file_nowrite = /etc/shadow, /etc/passwd, /dev/mem, /dev/kmem
settime_lock = deny
end

#(4)
#module_lock = allow
#ptrace_lock = allow
#end