o Introduce two new calls, securelevel_gt() and securelevel_ge(), which
abstract the securelevel implementation details from the checking code. The call in -CURRENT accepts a struct ucred--in -STABLE, it will accept struct proc. This facilitates the upcoming commit of per-jail securelevel support. The calls will also generate a kernel printf if the calls are made with NULL ucred/proc pointers: generally speaking, there are few instances of this, and they should be fixed.
o Update p_candebug() to use securelevel_gt(); future updates to the
remainder of the kernel tree will be committed soon.
Obtained from: TrustedBSD Project