It seems that securelevel is completely shafted. For a start, the
permissions that /proc/sys/kernel/securelevel are registered with are
incorrect (0444, should be 0644 to allow root write access) Trivial patch
=> not included here :-)
Furthermore, and more worrying, it seems that do_securelevel_strategy is
NOT called upon modification of securelevel. This means that root can
arbitrarily lower the securelevel value(!).
I did not have time to look into this.. I will probably do so tonight
unless some bright spark posts fixes/causes before then, hint hint ;-)
Cheers,
Chris