make installworld and securelevel

FLEURIOT Damien ml at my.gd
Fri Jun 5 23:39:11 UTC 2009


On Fri, Jun 05, 2009 at 06:41:13PM -0400 or thereabouts, Lowell Gilbert wrote:
> Bruce Cran <bruce at cran.org.uk> writes:
> 
> > On Fri, 5 Jun 2009 17:45:50 +0200
> > FLEURIOT Damien <ml at my.gd> wrote:
> >
> >> 
> >> Hello list,
> >> 
> >> 
> >> I apologize if this issue has been raised already but I couldn't
> >> find it anywhere.
> >> 
> >> 
> >> Find below a snip from my installworld:
> >> 
> >> --------------------------------------------------------------
> >> >>> Installing everything
> >> --------------------------------------------------------------
> >> cd /usr/src; make -f Makefile.inc1 install
> >> ===> share/info (install)
> >> ===> lib (install)
> >> ===> lib/csu/i386-elf (install)
> >> install -o root -g wheel  -m 444 crt1.o crti.o crtn.o gcrt1.o
> >> /usr/lib
> >> ===> lib/libc (install)
> >> install -C -o root -g wheel -m 444   libc.a /usr/lib
> >> install -C -o root -g wheel -m 444   libc_p.a /usr/lib
> >> install -s -o root -g wheel -m 444   -fschg -S  libc.so.7 /lib
> >> ^C
> >> 
> >> 
> >> My concern is with the last line which installs libc.so.7 and
> >> chflags it.
> >> 
> >> I was running with securelevel 1 and got denied.
> >> I had to revert to the old kernel, change my securelevel, reinstall
> >> the new 7.2 kernel, then run my installworld.
> >> 
> >> This hasn't caused me any other issue, but what will happen the day
> >> the libc.a or libc_p.a which are installed in the early steps of
> >> installworld become incompatible with the old kernel (if this is at
> >> all possible)?
> >> 
> >> I wouldn't have been able to boot anymore (this is a remote host).
> >> The server has a rescue system, but I think a lot of trouble could
> >> be saved by interrupting "make installworld" if we're running above
> >> securelevel 0.
> >
> > Although it's often safe to run installworld in multi user mode, it's
> > recommended to run it in single user mode to avoid issues like this.
> > From /usr/src/UPDATING:
> >
> > <make sure you have good level 0 dumps>
> >         make buildworld
> >         make kernel KERNCONF=YOUR_KERNEL_HERE
> >                                                         [1]
> >         <reboot in single user>                         [3]
> >         mergemaster -p                                  [5]
> >         make installworld
> >         make delete-old
> >         mergemaster                                     [4]
> >         <reboot>
> 
> Still, I don't really see any obvious downsides to the suggestion.  
> Maybe it could cause problems with jail updates?  That's the only 
> issue I've been able to think of...


Well, I'm afraid running single user isn't an option for me, hosted
server.

I've always skipped the single user boot, I just go multi-user and
follow the other steps.
Never done "make delete-old" though, it's not in the Handbook.
Is it really important? It might be worth adding to the Handbook.


Regarding jails, seeing the securelevel can't be lowered, just
disable chflag'ing during installworld within one?


--
Damien
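
The check proposed in this thread (stopping before installworld when the securelevel is above 0), sketched as an added example that is not part of the original message or of the FreeBSD build system. The function names `preflight` and `schg_targets` are hypothetical, and the sample log is constructed from the install lines quoted above.

```shell
#!/bin/sh
# Added example: pre-flight check before "make installworld".
# Assumption: the running level is read with "sysctl -n kern.securelevel";
# it can be passed as $1 instead so the logic can be exercised elsewhere.

# Constructed sample: install(1) lines as quoted in the message above.
SAMPLE_LOG='install -C -o root -g wheel -m 444   libc.a /usr/lib
install -C -o root -g wheel -m 444   libc_p.a /usr/lib
install -s -o root -g wheel -m 444   -fschg -S  libc.so.7 /lib'

# Read install(1) lines on stdin and print "dest/file" for each line that
# sets the schg flag (assumes one file per flagged line, as in the sample).
schg_targets() {
    awk '$1 == "install" {
        flagged = 0
        for (i = 2; i <= NF; i++)
            if ($i ~ /^-f(.*,)?schg(,|$)/) flagged = 1
        if (flagged) print $NF "/" $(NF - 1)
    }'
}

# Return 0 if installworld may proceed, 1 if the securelevel is above 0,
# 2 if the level cannot be determined. $1 = securelevel (optional).
preflight() {
    level=${1:-$(sysctl -n kern.securelevel 2>/dev/null)}
    # Accept an optional leading "-" (securelevel -1), then digits only.
    case ${level#-} in
        ''|*[!0-9]*)
            echo "cannot determine kern.securelevel" >&2
            return 2 ;;
    esac
    if [ "$level" -gt 0 ]; then
        echo "securelevel is $level: schg flags cannot be cleared," \
             "so files carrying them cannot be replaced" >&2
        return 1
    fi
    return 0
}

# Show which file from the sample log depends on changing schg.
printf '%s\n' "$SAMPLE_LOG" | schg_targets
```

Used as `preflight && make installworld`, this stops before libc.a and libc_p.a are written rather than partway through the install.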


More information about the freebsd-stable mailing list