make installworld and securelevel

Lowell Gilbert freebsd-stable-local at be-well.ilk.org
Sat Jun 6 15:42:16 UTC 2009 

Bruce Cran <bruce at cran.org.uk> writes:

> On Fri, 05 Jun 2009 18:41:13 -0400
> Lowell Gilbert <freebsd-stable-local at be-well.ilk.org> wrote:
>
>> Bruce Cran <bruce at cran.org.uk> writes:
>> 
>> > On Fri, 5 Jun 2009 17:45:50 +0200
>> > FLEURIOT Damien <ml at my.gd> wrote:
>> >
>> >> 
>> >> Hello list,
>> >> 
>> >> 
>> >> I apologize if this issue has been raised already but I couldn't
>> >> find it anywhere.
>> >> 
>> >> 
>> >> Find below a snip from my installworld:
>> >> 
>> >> --------------------------------------------------------------
>> >> >>> Installing everything
>> >> --------------------------------------------------------------
>> >> cd /usr/src; make -f Makefile.inc1 install
>> >> ===> share/info (install)
>> >> ===> lib (install)
>> >> ===> lib/csu/i386-elf (install)
>> >> install -o root -g wheel  -m 444 crt1.o crti.o crtn.o gcrt1.o
>> >> /usr/lib
>> >> ===> lib/libc (install)
>> >> install -C -o root -g wheel -m 444   libc.a /usr/lib
>> >> install -C -o root -g wheel -m 444   libc_p.a /usr/lib
>> >> install -s -o root -g wheel -m 444   -fschg -S  libc.so.7 /lib
>> >> ^C
>> >> 
>> >> 
>> >> My concern is with the last line which installs libc.so.7 and
>> >> chflags it.
>> >> 
>> >> I was running with securelevel 1 and got denied.
>> >> I had to revert to the old kernel, change my securelevel, reinstall
>> >> the new 7.2 kernel, then run my installworld.
>> >> 
>> >> This hasn't caused me any other issue, but what will happen the day
>> >> the libc.a or libc_p.a which are installed in the early steps of
>> >> installworld become incompatible with the old kernel (if this is at
>> >> all possible) ?
>> >> 
>> >> I wouldn't have been able to boot anymore (this is a remote host).
>> >> The server has a rescue system, but I think a lot of trouble could
>> >> be saved by interrupting "make installworld" if we're running above
>> >> securelevel 0.
>> >
>> > Although it's often safe to run installworld in multi user mode,
>> > it's recommended to run it in single user mode to avoid issues like
>> > this. From /usr/src/UPDATING:
>> >
>> > <make sure you have good level 0 dumps>
>> >         make buildworld
>> >         make kernel KERNCONF=YOUR_KERNEL_HERE
>> >                                                         [1]
>> >         <reboot in single user>                         [3]
>> >         mergemaster -p                                  [5]
>> >         make installworld
>> >         make delete-old
>> >         mergemaster                                     [4]
>> >         <reboot>
>> 
>> Still, I don't really see any obvious downsides to the suggestion.  
>> Maybe it could cause problems with jail updates?  That's the only 
>> issue I've been able to think of...
>> 
>
> If you do both the installkernel and installworld at the same time and
> the new kernel doesn't boot, then you may not be able to boot with the
> old kernel because the new userland may be incompatible.

The original suggestion wasn't to skip the reboot, but rather to stop
the user from doing an installworld under a raised securelevel.  I don't
consider it important, because the recommended upgrade path is to do the
installworld in single-user mode, but by the same token I don't see any
real harm.

More information about the freebsd-stable mailing list