Date: Sun, 9 Jun 2002 10:17:15 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200206091717.g59HHFld087141@apollo.backplane.com>
To: Dmitry Morozovsky
Cc: Alessandro de Manzano, randall ehren
Subject: Re: make buildworld problems
References: <20020609204933.W7944-100000@woozle.rinet.ru>

:
:On Sun, 9 Jun 2002, Alessandro de Manzano wrote:
:
:AdM> > I suspect the issue with /var may be related to /var/tmp. If you
:AdM> > ktrace -i that portion of the build and look for '/var' in the kdump
:AdM> > I'll bet it will become obvious.
:AdM>
:AdM> I add myself to the list: why a (nosuid+)noexec /var should be a problem for
:AdM> the build/install system ?
:AdM>
:AdM> I've just config'ed my /var's to be (also) noexec and I planned for
:AdM> tomorrow a rebuild of all systems but now I'm worried... ;-)
:AdM>
:AdM> Could you or someone else, please, spread light on this ? :-)
:
:At least `installworld' phase from RELENG_4 uses pre-built install script
:in /var/tmp due to possibility of Read-only /usr/src. I wonder why this
:script can't be placed under /usr/obj, which seems for me much more
:appropriate...
:
:Sincerely,
:D.Marck [DM5020, DM268-RIPE, DM3-RIPN]
:------------------------------------------------------------------------
:*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
:------------------------------------------------------------------------

/usr/obj may be a read-only NFS mount. The 'installworld' target cannot modify it. e.g. for the case where you buildworld on one machine and export /usr/src and /usr/obj via read-only NFS mounts to all the other machines, then installworld on each of the other machines. I use this trick all the time to upgrade machines.

I don't see much of a security advantage in making /var noexec but if you want to do it you will have to create a separate partition for /var/tmp, or make /var/tmp a softlink to /tmp (assuming you have a /tmp partition). 4.5 and 4.6's installer's 'A'uto partitioning creates a /tmp partition by default now.

If space is an issue other alternatives include mkdir'ing /home/tmp (modes 1777) and linking /var/tmp to /home/tmp, and so forth.

-Matt
Matthew Dillon
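
Added example, not part of the original message or of the FreeBSD build system: a pre-flight check for the situation discussed in this thread, reporting whether the directory that holds the installworld script (/var/tmp, after following any softlink) sits on a noexec mount. It assumes FreeBSD-style `mount` output; the function names and the sample mount table are constructed for illustration.

```sh
#!/bin/sh
# Added example: does the directory installworld stages its script in sit on
# a noexec mount? Assumes FreeBSD `mount` format: "<dev> on <mp> (<opts>)".

# Constructed sample mount table (not from a real host): /var is noexec.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
/dev/ad0s1f on /tmp (ufs, local, soft-updates)
/dev/ad0s1e on /var (ufs, local, noexec, nosuid, soft-updates)'

# mount_opts_for PATH MOUNT_TABLE
# Print the options of the longest mount point that contains PATH.
mount_opts_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            i = index($0, " on "); j = index($0, " (")
            if (i == 0 || j <= i) next
            mp   = substr($0, i + 4, j - i - 4)
            opts = substr($0, j + 2, length($0) - j - 2)
            pre  = (mp == "/") ? "/" : mp "/"
            # Compare whole path components so /variable does not match /var.
            if (index(p "/", pre) == 1 && length(mp) > best) {
                best = length(mp); out = opts
            }
        }
        END { print out }'
}

# is_noexec PATH MOUNT_TABLE: exit 0 when the covering mount has noexec.
is_noexec() {
    case ", $(mount_opts_for "$1" "$2")," in
        *", noexec,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_stage_dir DIR [MOUNT_TABLE]
# Resolve symlinks first (/var/tmp may be a softlink to /tmp), then test.
check_stage_dir() {
    real=$(cd -P "$1" 2>/dev/null && pwd -P) || real=$1
    if is_noexec "$real" "${2:-$(mount)}"; then
        echo "$real: on a noexec mount, the installworld script cannot run"
        return 1
    fi
    echo "$real: exec allowed"
}
```

On a host, `check_stage_dir /var/tmp` before `make installworld` reads the live mount table; passing a second argument tests a saved or constructed table instead.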