Date: Sun, 19 Nov 2006 17:00:52 -0500 (EST) From: Darrel <levitch@iglou.com> To: Chuck Swiger <cswiger@mac.com> Cc: questions@freebsd.org Subject: Re: system updates, as affected by securelevel Message-ID: <Pine.GSO.4.61.0611191658530.5075@shell1> In-Reply-To: <455FEC87.6030007@mac.com> References: <Pine.GSO.4.61.0611181618200.1912@shell1> <455FEC87.6030007@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 19 Nov 2006, Chuck Swiger wrote: > Darrel wrote: >> With OpenBSD securelevel=2 I can install a kernel, make build, and >> install programs which are compiled using Systrace. >> >> What is the highest securelevel that I can configure on RELENG_6_2 >> which will not affect compiling and installing; e.g., perhaps not >> much local difference but having to reboot for a firewall change? >> This installation is new and the AUDIT option will be in the kernel. > > securelevel = 0. > > Because the kernel is installed using the schg flag: if you have securelevel > set to 1 or higher, you will not be able to over-write the kernel without > rebooting into single-user mode. See "man init" for details. > > [ Of course, reinstalling the kernel and/or world is something which you are > encouraged to do under single-user mode... ] > Thanks, Chuck. Excepting my amd64 the computers are servers at work, so I will use 'securelevel = 0' to facilitate system upgrades while "up"- only shutting down now for install world. 6.2 rc1 'install world' failed on my amd64. I can csup next month and try out 'securelevel = 3' on that. Probably build the world, etc., installkernel, mergemaster and installworld could all be run from single user then. Darrel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.61.0611191658530.5075>