system updates, as affected by securelevel
Darrel
levitch at iglou.com
Sun Nov 19 14:01:01 PST 2006
On Sun, 19 Nov 2006, Chuck Swiger wrote:
> Darrel wrote:
>> With OpenBSD securelevel=2 I can install a kernel, make build, and
>> install programs which are compiled using Systrace.
>>
>> What is the highest securelevel that I can configure on RELENG_6_2
>> which will not affect compiling and installing; e.g., perhaps not
>> much local difference but having to reboot for a firewall change?
>> This installation is new and the AUDIT option will be in the kernel.
>
> securelevel = 0.
>
> Because the kernel is installed using the schg flag: if you have securelevel
> set to 1 or higher, you will not be able to over-write the kernel without
> rebooting into single-user mode. See "man init" for details.
>
> [ Of course, reinstalling the kernel and/or world is something which you are
> encouraged to do under single-user mode... ]
>
Thanks, Chuck.
Excepting my amd64 the computers are servers at work, so I will use
'securelevel = 0' to facilitate system upgrades while "up"- only shutting
down now for install world.
6.2 rc1 'install world' failed on my amd64. I can csup next month
and try out 'securelevel = 3' on that. Probably build the world,
etc., installkernel, mergemaster and installworld could all be run
from single user then.
Darrel
More information about the freebsd-questions
mailing list