securelevel and make installworld

Kövesdán Gábor gabor.kovesdan at
Wed Apr 20 15:15:00 PDT 2005

Ronald Klop wrote:

> On Wed, 20 Apr 2005 16:28:06 -0500, Jon Noack 
> <noackjr at>  wrote:
>> On 04/20/05 15:16, Ronald Klop wrote:
>>> Can make installworld complain on startup if I try to run it with   
>>> securelevel > 0.
>>> It will fail half way through on some files with nochg flags or  
>>> something  like that.
>> Design feature:
>> 'schg' is the system immutable flag.  Some system files are 
>> installed  with 'schg' for security reasons; installworld must remove 
>> this flag in  order to install a new version of these files.  
>> However, when  securelevel > 0 system immutable flags may not be 
>> turned off (see  init(8)).  An attempt to remove the system immutable 
>> flag (set 'noschg')  will therefore fail.  As a result, installworld 
>> fails.
>> Canonical answer:
>> Reboot into single user mode to perform the installworld as 
>> documented  in UPDATING and section 19.4.1 of the handbook.
> I understand the problem, otherwise I wouldn't have securelevel > 0. 
> Doing  a remote install in single user mode isn't always possible.
> And than it isn't very nice to break the installworld with an error. 
> Using  the idea of 'fail early' it would be very nice too have a check 
> for  securelevel in the installworld Makefile.
> Ronald.
Check in the Makefile? Why don't You check Your securelevel with "sysctl 
-a | grep kern.securelevel"? But how don't You remember which 
securelevel are You using? You probably have your own habits in system 
administration. As for me I always use 2, which is convenient for me, 
because I often have to modify ipf/ipfw rules.
Anyway, make installworld is the most secure in single user mode. I had 
a critical failure by making installworld without booting single user 
mode and my system didn't boot any more. I had to reinstall everything.

More information about the freebsd-stable mailing list