Date: Sat, 6 Jun 2009 01:00:58 +0100 From: Bruce Cran <bruce@cran.org.uk> To: freebsd-stable@freebsd.org Cc: FLEURIOT Damien <ml@my.gd>, freebsd-stable-local@be-well.ilk.org Subject: Re: make installworld and securelevel Message-ID: <20090606010058.2bd884b0@gluon.draftnet> In-Reply-To: <44prdimhh2.fsf@lowell-desk.lan> References: <20090605154544.GA1855@sd-13813.dedibox.fr> <20090605233507.42ee1c96@gluon.draftnet> <44prdimhh2.fsf@lowell-desk.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 05 Jun 2009 18:41:13 -0400 Lowell Gilbert <freebsd-stable-local@be-well.ilk.org> wrote: > Bruce Cran <bruce@cran.org.uk> writes: > > > On Fri, 5 Jun 2009 17:45:50 +0200 > > FLEURIOT Damien <ml@my.gd> wrote: > > > >> > >> Hello list, > >> > >> > >> I apologize if this issue has been raised already but I couldn't > >> find it anywhere. > >> > >> > >> Find below a snip from my installworld: > >> > >> -------------------------------------------------------------- > >> >>> Installing everything > >> -------------------------------------------------------------- > >> cd /usr/src; make -f Makefile.inc1 install > >> ===> share/info (install) > >> ===> lib (install) > >> ===> lib/csu/i386-elf (install) > >> install -o root -g wheel -m 444 crt1.o crti.o crtn.o gcrt1.o > >> /usr/lib > >> ===> lib/libc (install) > >> install -C -o root -g wheel -m 444 libc.a /usr/lib > >> install -C -o root -g wheel -m 444 libc_p.a /usr/lib > >> install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib > >> ^C > >> > >> > >> My concern is with the last line which installs libc.so.7 and > >> chflags it. > >> > >> I was running with securelevel 1 and got denied. > >> I had to revert to the old kernel, change my securelevel, reinstall > >> the new 7.2 kernel, then run my installworld. > >> > >> This hasn't caused me any other issue, but what will happen the day > >> the libc.a or libc_p.a which are installed in the early steps of > >> installworld become incompatible with the old kernel (if this is at > >> all possible) ? > >> > >> I wouldn't have been able to boot anymore (this is a remote host). > >> The server has a rescue system, but I think a lot of trouble could > >> be saved by interrupting "make installworld" if we're running above > >> securelevel 0. > > > > Although it's often safe to run installworld in multi user mode, > > it's recommended to run it in single user mode to avoid issues like > > this. From /usr/src/UPDATING: > > > > <make sure you have good level 0 dumps> > > make buildworld > > make kernel KERNCONF=YOUR_KERNEL_HERE > > [1] > > <reboot in single user> [3] > > mergemaster -p [5] > > make installworld > > make delete-old > > mergemaster [4] > > <reboot> > > Still, I don't really see any obvious downsides to the suggestion. > Maybe it could cause problems with jail updates? That's the only > issue I've been able to think of... > If you do both the installkernel and installworld at the same time and the new kernel doesn't boot, then you may not be able to boot with the old kernel because the new userland may be incompatible. -- Bruce Cran
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090606010058.2bd884b0>