Date: Wed, 20 Apr 2005 23:56:14 +0200 From: "Ronald Klop" <ronald-freebsd8@klop.yi.org> To: freebsd-stable@freebsd.org Subject: Re: securelevel and make installworld Message-ID: <opspjwj0x98527sy@smtp.local> In-Reply-To: <4266C966.90701@alumni.rice.edu> References: <opspjrxucr8527sy@smtp.local> <4266C966.90701@alumni.rice.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 20 Apr 2005 16:28:06 -0500, Jon Noack <noackjr@alumni.rice.edu> wrote: > On 04/20/05 15:16, Ronald Klop wrote: >> Can make installworld complain on startup if I try to run it with >> securelevel > 0. >> It will fail half way through on some files with nochg flags or >> something like that. > > Design feature: > 'schg' is the system immutable flag. Some system files are installed > with 'schg' for security reasons; installworld must remove this flag in > order to install a new version of these files. However, when > securelevel > 0 system immutable flags may not be turned off (see > init(8)). An attempt to remove the system immutable flag (set 'noschg') > will therefore fail. As a result, installworld fails. > > Canonical answer: > Reboot into single user mode to perform the installworld as documented > in UPDATING and section 19.4.1 of the handbook. I understand the problem, otherwise I wouldn't have securelevel > 0. Doing a remote install in single user mode isn't always possible. And than it isn't very nice to break the installworld with an error. Using the idea of 'fail early' it would be very nice too have a check for securelevel in the installworld Makefile. Ronald. -- Ronald Klop, Amsterdam, The Netherlands
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?opspjwj0x98527sy>