From owner-freebsd-stable Tue Oct 15 8:55:58 2002 Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5DE8337B401 for ; Tue, 15 Oct 2002 08:55:57 -0700 (PDT) Received: from grosbein.pp.ru (www2.svzserv.kemerovo.su [213.184.65.86]) by mx1.FreeBSD.org (Postfix) with ESMTP id B0F5643EBE for ; Tue, 15 Oct 2002 08:55:53 -0700 (PDT) (envelope-from eugen@grosbein.pp.ru) Received: from grosbein.pp.ru (smmsp@localhost [127.0.0.1]) by grosbein.pp.ru (8.12.6/8.12.5) with ESMTP id g9FFtm0T000577 for ; Tue, 15 Oct 2002 23:55:48 +0800 (KRAST) (envelope-from eugen@grosbein.pp.ru) Received: (from eugen@localhost) by grosbein.pp.ru (8.12.6/8.12.6/Submit) id g9FFsRrn000527 for freebsd-stable@FreeBSD.ORG; Tue, 15 Oct 2002 23:54:27 +0800 (KRAST) Date: Tue, 15 Oct 2002 23:54:27 +0800 From: Eugene Grosbein To: freebsd-stable@FreeBSD.ORG Subject: Re: Ifconfig config of gif tunnels Message-ID: <20021015235427.B381@grosbein.pp.ru> References: <200210132154.g9DLsUmc057065@apollo.backplane.com> <200210151532.g9FFWo2o070440@lurza.secnetix.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200210151532.g9FFWo2o070440@lurza.secnetix.de>; from olli@secnetix.de on Tue, Oct 15, 2002 at 05:32:50PM +0200 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, Oct 15, 2002 at 05:32:50PM +0200, Oliver Fromme wrote: > > (1) It just overwrote system files that users are not supposed to > > change anyway, like files in /etc/defaults and the /etc/rc* > > files. > Additionally, I think it might be a good idea to make those > files schg by default, and teach mergemaster to noschg/schg > them if required. A possibility of running mergemaster in multiuser is essential. Playing with system immutable files when securelevel>0 is trick. Currently temproot cannot be cleaned up after mergemaster due to $temproot/var/empty when securelevel>0 but that's not big deal because it's empty :) However, having configs/scripts marked as system immutable will bring more pain and break POLA, imho. Eugene Grosbein P.S. Yes, I known that running installworld and mergemaster is not supported and is not recommended but this works most of time and this possibility is very, very valuable thinking about downtime. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message