Date: Fri, 9 Mar 2001 09:42:17 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Greg Prosser <greg@snickers.org> Cc: stable@FreeBSD.ORG Subject: Re: installworld / securelevel Message-ID: <20010309094217.A2487@Odin.AC.HMC.Edu> In-Reply-To: <Pine.BSF.4.31.0103090322280.88537-100000@spike.snickers.org>; from greg@snickers.org on Fri, Mar 09, 2001 at 03:26:01AM -0500 References: <Pine.BSF.4.31.0103090322280.88537-100000@spike.snickers.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Mar 09, 2001 at 03:26:01AM -0500, Greg Prosser wrote: > Is it possible for the FreeBSD Makefile jedi to put a kern.securelevel > check into the installworld procedure? I'm fairly sure that if key files > are set as schg, and securelevel as one, causing an installworld to puke > mid-make probably isn't the ideal state to leave a box in, hoping it'll > come back after reboot with securelevel lowered. Some of us forget to > check things occasionally.. *eyes the terminal where ping is running*, I > think I'm ok this time, but doing more in-depth system upgrades might pose > a larger problem if userland and kernel aren't in sync.. I'd suggest you write yourself a script and use it religiously. Securelevels are definaly in the catagory of thing to be used at your own risk and only with full knowledge of their effects. I doubt anyone is going to add anti-foot-shooting code to check for them. Given what limited use they are, I never use them. It's just too much pain. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6qRX4XY6L6fI4GtQRAm3BAKDbV4wa+YSe4iG/GTdLj22BabkrSACfTQmn 8QvICG16VQW1Uy5hla7TBcA= =omLn -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010309094217.A2487>