--- sles/include/linux/sysctl.h.~1~	2004-07-27 02:15:25.000000000 +0200
+++ sles/include/linux/sysctl.h	2004-08-01 11:54:30.769344608 +0200
@@ -142,7 +142,7 @@ enum
 	KERN_HPAGES_MAP_SZ=72,  /* int: min size (MB) of mapping */
 	KERN_XMON=73,		/* int: xmon debugger enabled */
 	KERN_UNSUPPORTED=74,	/* int: allow loading of unsupported modules */
-
+	KERN_SECURITY_SEQUENCE=75,	/* int: security sequence number */
 };
 
 
--- sles/kernel/sysctl.c.~1~	2004-07-27 02:15:42.000000000 +0200
+++ sles/kernel/sysctl.c	2004-08-01 11:55:28.252605824 +0200
@@ -81,6 +81,15 @@ EXPORT_SYMBOL(ngroups_max);
 static int min_ngroups = 16;
 static int max_ngroups = __NGROUPS_MAX;
 
+/*
+ * bump this sequence number after fixing any kernel security bug
+ * that could render insecure some userspace application. This
+ * way future versions of the userpace application will be able
+ * to reliably make sure to run on a secure kernel.
+ * I hope 31bit are enough... ;).
+ */
+static int security_sequence;
+
 #ifdef CONFIG_KMOD
 extern char modprobe_path[];
 #endif
@@ -717,6 +726,14 @@ static ctl_table kern_table[] = {
 		.proc_handler	= &proc_dointvec,
 	},
 #endif
+	{
+		.ctl_name	= KERN_SECURITY_SEQUENCE,
+		.procname	= "security_sequence",
+		.data		= &security_sequence,
+		.maxlen		= sizeof (int),
+		.mode		= 0444,
+		.proc_handler	= &proc_dointvec,
+	},
 	{ .ctl_name = 0 }
 };