securelevel problems

[Lowell Gilbert]

Wayne Pascoe <freebsd-questions at penguinpowered.org> writes:

> I'm trying to upgrade a 4.7-RELEASE machine to 4.9. The make buildworld
> has gone ok, but installworld failed.

You should have built and installed the kernel in between, then
rebooted under the new kernel.  If this was not what you did, please
read the Handbook section on Building the World (carefully) before
trying again.

> At first, it appeared that this was because the machine was running in
> securelevel 1. I had the following in /etc/rc.conf:
> kern_securelevel_enable="YES"
> kern_securelevel="1"
> 
> I changed that to
> kern_securelevel_enable="NO"
> kern_securelevel="-1"
> 
> and rebooted the machine. sysctl -a | grep secure shows
> kern.securelevel: -1
> 
> however a make installworld is still failing with:
> 
> Stop in /usr/src/include.
> *** Error code 1
> 
> Stop in /usr/src.
> *** Error code 1
> 
> Stop in /usr/src.
> *** Error code 1
> 
> Stop in /usr/src.
> *** Error code 1
> 
> Stop in /usr/src.

The actual errors were a few lines earlier.  If they don't make sense
to you, please post them for the rest of us to help you there.

> I then tried touching my kernel, which also fails, with:
> # touch kernel
> touch: kernel: Operation not permitted

Right.  The schg flag is normally set on the kernel to keep it from
being modified.

> I'm at a bit of a loss as to how to proceed as the only thing I could
> think to do was to disable securelevel in /etc/rc.conf :(

Right.  With a raised securelevel, you can't change the file flags.
With the securelevel kept low, you can change them, but you need to do
so (with chflags(1)).  [make installkernel normally does this for you]