Date:      Sun, 9 Jun 2002 10:17:15 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Dmitry Morozovsky <marck@rinet.ru>
Cc:        Alessandro de Manzano <adm@unixmania.net>, randall ehren <randall@ucsb.edu>, <freebsd-stable@FreeBSD.ORG>
Subject:   Re: make buildworld problems
Message-ID:  <200206091717.g59HHFld087141@apollo.backplane.com>
References:   <20020609204933.W7944-100000@woozle.rinet.ru>

:
:On Sun, 9 Jun 2002, Alessandro de Manzano wrote:
:
:AdM> >     I suspect the issue with /var may be related to /var/tmp.  If you
:AdM> >     ktrace -i that portion of the build and look for '/var' in the kdump
:AdM> >     I'll bet it will become obvious.
:AdM>
:AdM> I add myself to the list: why a (nosuid+)noexec /var should be a problem for
:AdM> the build/install system ?
:AdM>
:AdM> I've just config'ed my /var's to be (also) noexec and I planned for
:AdM> tomorrow a rebuild of all systems but now I'm worried... ;-)
:AdM>
:AdM> Could you or someone else, please, spread light on this ? :-)
:
:At least the `installworld' phase from RELENG_4 uses a pre-built install script
:in /var/tmp due to the possibility of a read-only /usr/src. I wonder why this
:script can't be placed under /usr/obj, which seems to me much more
:appropriate...
:
:Sincerely,
:D.Marck                                   [DM5020, DM268-RIPE, DM3-RIPN]
:------------------------------------------------------------------------
:*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
:------------------------------------------------------------------------

    /usr/obj may be a read-only NFS mount.  The 'installworld' target
    cannot modify it.

    e.g. for the case where you buildworld on one machine and export
    /usr/src and /usr/obj via read-only NFS mounts to all the other machines,
    then installworld on each of the other machines.  I use this trick all
    the time to upgrade machines.

    I don't see much of a security advantage in making /var noexec but if
    you want to do it you will have to create a separate partition for
    /var/tmp, or make /var/tmp a softlink to /tmp (assuming you have a
    /tmp partition).  4.5 and 4.6's installer's 'A'uto partitioning creates
    a /tmp partition by default now.  If space is an issue other
    alternatives include mkdir'ing /home/tmp (modes 1777) and linking /var/tmp
    to /home/tmp, and so forth.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>
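
An added example, not part of the message above or of the FreeBSD build system: a preflight check that reports whether the directory installworld stages its script in (/var/tmp, per the thread) sits on a noexec filesystem. It assumes FreeBSD mount(8) output of the form `dev on /mnt (opt, opt)`; the function names, the sample mount table and the host name `buildbox` are constructed for illustration.

```shell
#!/bin/sh
# Added example; names and sample data are hypothetical.
# Constructed mount table in FreeBSD mount(8) format, not taken from the thread.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /tmp (ufs, local, soft-updates)
/dev/ad0s1e on /var (ufs, local, noexec, nosuid, soft-updates)
/dev/ad0s1g on /usr (ufs, local, soft-updates)
buildbox:/usr/obj on /usr/obj (nfs, read-only)'

# Read mount(8) output on stdin and print "<mountpoint> noexec" or
# "<mountpoint> exec" for the filesystem holding path $1 (longest prefix wins).
fs_exec_status() {
    awk -v path="$1" '
    $2 == "on" {
        mnt = $3
        # Match on a path-component boundary so /var does not claim /variable.
        hit = (mnt == "/" || path == mnt || index(path, mnt "/") == 1)
        if (hit && length(mnt) >= length(best)) {
            best = mnt
            opts = $0
            sub(/^[^(]*\(/, "", opts); sub(/\).*$/, "", opts)
            flag = "exec"
            n = split(opts, o, /, */)
            for (i = 1; i <= n; i++) if (o[i] == "noexec") flag = "noexec"
        }
    }
    END { if (best != "") print best, flag; else exit 1 }'
}

# Live wrapper: resolve symlinks first, because a /var/tmp softlink to /tmp
# changes which filesystem is actually used.
# Returns 0 if exec is allowed, 1 if noexec, 2 on error.
check_tmpdir() {
    real=$(cd "$1" 2>/dev/null && pwd -P) || { echo "$1: cannot resolve" >&2; return 2; }
    st=$(mount | fs_exec_status "$real") || return 2
    echo "$1 -> $real on $st"
    case $st in *" noexec") return 1 ;; esac
    return 0
}

# Demo on the constructed sample; on a real host call: check_tmpdir /var/tmp
printf '%s\n' "$SAMPLE_MOUNTS" | fs_exec_status /var/tmp
```

A non-zero return from `check_tmpdir /var/tmp` before installworld indicates that one of the remedies described in the message (separate /var/tmp partition, or a link to an exec-capable tmp directory) is needed.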
