make installworld and securelevel
Bruce Cran
bruce at cran.org.uk
Fri Jun 5 22:35:12 UTC 2009
On Fri, 5 Jun 2009 17:45:50 +0200
FLEURIOT Damien <ml at my.gd> wrote:
>
> Hello list,
>
>
> I apologize if this issue has been raised already but I couldn't
> find it anywhere.
>
>
> Find below a snip from my installworld:
>
> --------------------------------------------------------------
> >>> Installing everything
> --------------------------------------------------------------
> cd /usr/src; make -f Makefile.inc1 install
> ===> share/info (install)
> ===> lib (install)
> ===> lib/csu/i386-elf (install)
> install -o root -g wheel -m 444 crt1.o crti.o crtn.o gcrt1.o
> /usr/lib
> ===> lib/libc (install)
> install -C -o root -g wheel -m 444 libc.a /usr/lib
> install -C -o root -g wheel -m 444 libc_p.a /usr/lib
> install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib
> ^C
>
>
> My concern is with the last line which installs libc.so.7 and
> chflags it.
>
> I was running with securelevel 1 and got denied.
> I had to revert to the old kernel, change my securelevel, reinstall
> the new 7.2 kernel, then run my installworld.
>
> This hasn't caused me any other issue, but what will happen the day
> the libc.a or libc_p.a which are installed in the early steps of
> installworld become incompatible with the old kernel (if this is at
> all possible) ?
>
> I wouldn't have been able to boot anymore (this is a remote host).
> The server has a rescue system, but I think a lot of trouble could
> be saved by interrupting "make installworld" if we're running above
> securelevel 0.
Although it's often safe to run installworld in multi user mode, it's
recommended to run it in single user mode to avoid issues like this.
From /usr/src/UPDATING:
<make sure you have good level 0 dumps>
make buildworld
make kernel KERNCONF=YOUR_KERNEL_HERE
[1]
<reboot in single user> [3]
mergemaster -p [5]
make installworld
make delete-old
mergemaster [4]
<reboot>
--
Bruce Cran
More information about the freebsd-stable
mailing list