From owner-freebsd-stable@FreeBSD.ORG Fri Jun 5 15:29:29 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 81FA0106564A for ; Fri, 5 Jun 2009 15:29:29 +0000 (UTC) (envelope-from dam@sd-13813.dedibox.fr) Received: from sd-13813.dedibox.fr (unknown [IPv6:2a01:e0b:1:78:2e0:f4ff:fe19:e9d2]) by mx1.freebsd.org (Postfix) with ESMTP id 1DB2A8FC18 for ; Fri, 5 Jun 2009 15:29:28 +0000 (UTC) (envelope-from dam@sd-13813.dedibox.fr) Received: from sd-13813.dedibox.fr (localhost [127.0.0.1]) by sd-13813.dedibox.fr (8.14.3/8.14.3) with ESMTP id n55Fjt5j001924 for ; Fri, 5 Jun 2009 17:45:55 +0200 (CEST) (envelope-from dam@sd-13813.dedibox.fr) Received: (from dam@localhost) by sd-13813.dedibox.fr (8.14.3/8.14.3/Submit) id n55FjoQt001923 for freebsd-stable@freebsd.org; Fri, 5 Jun 2009 17:45:50 +0200 (CEST) (envelope-from dam) Date: Fri, 5 Jun 2009 17:45:50 +0200 From: FLEURIOT Damien To: freebsd-stable@freebsd.org Message-ID: <20090605154544.GA1855@sd-13813.dedibox.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.19 (2009-01-05) Subject: make installworld and securelevel X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 15:29:29 -0000 Hello list, I apologize if this issue has been raised already but I couldn't find it anywhere. Find below a snip from my installworld: -------------------------------------------------------------- >>> Installing everything -------------------------------------------------------------- cd /usr/src; make -f Makefile.inc1 install ===> share/info (install) ===> lib (install) ===> lib/csu/i386-elf (install) install -o root -g wheel -m 444 crt1.o crti.o crtn.o gcrt1.o /usr/lib ===> lib/libc (install) install -C -o root -g wheel -m 444 libc.a /usr/lib install -C -o root -g wheel -m 444 libc_p.a /usr/lib install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib ^C My concern is with the last line which installs libc.so.7 and chflags it. I was running with securelevel 1 and got denied. I had to revert to the old kernel, change my securelevel, reinstall the new 7.2 kernel, then run my installworld. This hasn't caused me any other issue, but what will happen the day the libc.a or libc_p.a which are installed in the early steps of installworld become incompatible with the old kernel (if this is at all possible) ? I wouldn't have been able to boot anymore (this is a remote host). The server has a rescue system, but I think a lot of trouble could be saved by interrupting "make installworld" if we're running above securelevel 0. What do you think list ? Regards, Damien