From owner-freebsd-stable@FreeBSD.ORG Fri Jun 5 22:35:12 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A90071065687 for ; Fri, 5 Jun 2009 22:35:12 +0000 (UTC) (envelope-from bruce@cran.org.uk) Received: from muon.cran.org.uk (brucec-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:c09::2]) by mx1.freebsd.org (Postfix) with ESMTP id 677FB8FC15 for ; Fri, 5 Jun 2009 22:35:12 +0000 (UTC) (envelope-from bruce@cran.org.uk) Received: from muon.cran.org.uk (localhost [127.0.0.1]) by muon.cran.org.uk (Postfix) with ESMTP id 0605F1900F; Fri, 5 Jun 2009 22:35:11 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on muon X-Spam-Level: X-Spam-Status: No, score=-2.3 required=8.0 tests=BAYES_00,NO_RELAYS autolearn=ham version=3.2.5 Received: from gluon.draftnet (unknown [IPv6:2a01:348:10f:0:240:f4ff:fe57:9871]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by muon.cran.org.uk (Postfix) with ESMTPSA; Fri, 5 Jun 2009 22:35:10 +0000 (GMT) Date: Fri, 5 Jun 2009 23:35:07 +0100 From: Bruce Cran To: FLEURIOT Damien Message-ID: <20090605233507.42ee1c96@gluon.draftnet> In-Reply-To: <20090605154544.GA1855@sd-13813.dedibox.fr> References: <20090605154544.GA1855@sd-13813.dedibox.fr> X-Mailer: Claws Mail 3.7.1 (GTK+ 2.16.2; i386-portbld-freebsd7.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Cc: freebsd-stable@freebsd.org Subject: Re: make installworld and securelevel X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 22:35:12 -0000 On Fri, 5 Jun 2009 17:45:50 +0200 FLEURIOT Damien wrote: >=20 > Hello list, >=20 >=20 > I apologize if this issue has been raised already but I couldn't > find it anywhere. >=20 >=20 > Find below a snip from my installworld: >=20 > -------------------------------------------------------------- > >>> Installing everything > -------------------------------------------------------------- > cd /usr/src; make -f Makefile.inc1 install > =3D=3D=3D> share/info (install) > =3D=3D=3D> lib (install) > =3D=3D=3D> lib/csu/i386-elf (install) > install -o root -g wheel -m 444 crt1.o crti.o crtn.o gcrt1.o > /usr/lib > =3D=3D=3D> lib/libc (install) > install -C -o root -g wheel -m 444 libc.a /usr/lib > install -C -o root -g wheel -m 444 libc_p.a /usr/lib > install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib > ^C >=20 >=20 > My concern is with the last line which installs libc.so.7 and > chflags it. >=20 > I was running with securelevel 1 and got denied. > I had to revert to the old kernel, change my securelevel, reinstall > the new 7.2 kernel, then run my installworld. >=20 > This hasn't caused me any other issue, but what will happen the day > the libc.a or libc_p.a which are installed in the early steps of > installworld become incompatible with the old kernel (if this is at > all possible) ? >=20 > I wouldn't have been able to boot anymore (this is a remote host). > The server has a rescue system, but I think a lot of trouble could > be saved by interrupting "make installworld" if we're running above > securelevel 0. Although it's often safe to run installworld in multi user mode, it's recommended to run it in single user mode to avoid issues like this. =46rom /usr/src/UPDATING: make buildworld make kernel KERNCONF=3DYOUR_KERNEL_HERE [1] [3] mergemaster -p [5] make installworld make delete-old mergemaster [4] --=20 Bruce Cran