securelevel and make installworld
gabor.kovesdan at t-hosting.hu
Wed Apr 20 15:15:00 PDT 2005
Ronald Klop wrote:
> On Wed, 20 Apr 2005 16:28:06 -0500, Jon Noack
> <noackjr at alumni.rice.edu> wrote:
>> On 04/20/05 15:16, Ronald Klop wrote:
>>> Can make installworld complain on startup if I try to run it with
>>> securelevel > 0.
>>> It will fail half way through on some files with nochg flags or
>>> something like that.
>> Design feature:
>> 'schg' is the system immutable flag. Some system files are
>> installed with 'schg' for security reasons; installworld must remove
>> this flag in order to install a new version of these files.
>> However, when securelevel > 0 system immutable flags may not be
>> turned off (see init(8)). An attempt to remove the system immutable
>> flag (set 'noschg') will therefore fail. As a result, installworld
>> Canonical answer:
>> Reboot into single user mode to perform the installworld as
>> documented in UPDATING and section 19.4.1 of the handbook.
> I understand the problem, otherwise I wouldn't have securelevel > 0.
> Doing a remote install in single user mode isn't always possible.
> And than it isn't very nice to break the installworld with an error.
> Using the idea of 'fail early' it would be very nice too have a check
> for securelevel in the installworld Makefile.
Check in the Makefile? Why don't You check Your securelevel with "sysctl
-a | grep kern.securelevel"? But how don't You remember which
securelevel are You using? You probably have your own habits in system
administration. As for me I always use 2, which is convenient for me,
because I often have to modify ipf/ipfw rules.
Anyway, make installworld is the most secure in single user mode. I had
a critical failure by making installworld without booting single user
mode and my system didn't boot any more. I had to reinstall everything.
More information about the freebsd-stable