[PATCH] securelevel and make installworld
Jon Noack
noackjr at alumni.rice.edu
Wed Apr 20 15:50:57 PDT 2005
On 04/20/05 16:56, Ronald Klop wrote:
> On Wed, 20 Apr 2005 16:28:06 -0500, Jon Noack <noackjr at alumni.rice.edu> wrote:
>> On 04/20/05 15:16, Ronald Klop wrote:
>>> Can make installworld complain on startup if I try to run it with
>>> securelevel > 0.
>>> It will fail half way through on some files with nochg flags or
>>> something like that.
>>
>> Design feature:
>> 'schg' is the system immutable flag. Some system files are installed
>> with 'schg' for security reasons; installworld must remove this flag
>> in order to install a new version of these files. However, when
>> securelevel > 0 system immutable flags may not be turned off (see
>> init(8)). An attempt to remove the system immutable flag (set
>> 'noschg') will therefore fail. As a result, installworld fails.
>>
>> Canonical answer:
>> Reboot into single user mode to perform the installworld as
>> documented in UPDATING and section 19.4.1 of the handbook.
>
> I understand the problem, otherwise I wouldn't have securelevel > 0.
> Doing a remote install in single user mode isn't always possible.
> And than it isn't very nice to break the installworld with an error.
> Using the idea of 'fail early' it would be very nice too have a check
> for securelevel in the installworld Makefile.
The attached diff is against -CURRENT but applies cleanly to 5.4-RC3.
It adds a check to the installworld target in src/Makefile.inc1 to
ensure we are not in secure mode.
This is just a quick hack; there may be a better way to do this (with
SPECIAL_INSTALLCHECKS perhaps?).
Regards,
Jon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: securelevel.patch
Type: text/x-patch
Size: 1023 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050420/01a8a7b7/securelevel.bin
More information about the freebsd-stable
mailing list