From owner-freebsd-stable@FreeBSD.ORG Fri Jun 5 23:08:02 2009 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DE6031065675 for ; Fri, 5 Jun 2009 23:08:02 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: from mail1.sea5.speakeasy.net (mail1.sea5.speakeasy.net [69.17.117.3]) by mx1.freebsd.org (Postfix) with ESMTP id B41D78FC15 for ; Fri, 5 Jun 2009 23:08:02 +0000 (UTC) (envelope-from freebsd-stable-local@be-well.ilk.org) Received: (qmail 403 invoked from network); 5 Jun 2009 22:41:21 -0000 Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail1.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 5 Jun 2009 22:41:20 -0000 Received: from lowell-desk.lan (lowell-desk.lan [172.30.250.6]) by be-well.ilk.org (Postfix) with ESMTP id 9D93B5083A; Fri, 5 Jun 2009 18:41:14 -0400 (EDT) Received: by lowell-desk.lan (Postfix, from userid 1147) id 0543D1CC83; Fri, 5 Jun 2009 18:41:13 -0400 (EDT) To: Bruce Cran References: <20090605154544.GA1855@sd-13813.dedibox.fr> <20090605233507.42ee1c96@gluon.draftnet> From: Lowell Gilbert Date: Fri, 05 Jun 2009 18:41:13 -0400 In-Reply-To: <20090605233507.42ee1c96@gluon.draftnet> (Bruce Cran's message of "Fri\, 5 Jun 2009 23\:35\:07 +0100") Message-ID: <44prdimhh2.fsf@lowell-desk.lan> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: FLEURIOT Damien , freebsd-stable@freebsd.org Subject: Re: make installworld and securelevel X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-stable@freebsd.org List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jun 2009 23:08:03 -0000 Bruce Cran writes: > On Fri, 5 Jun 2009 17:45:50 +0200 > FLEURIOT Damien wrote: > >> >> Hello list, >> >> >> I apologize if this issue has been raised already but I couldn't >> find it anywhere. >> >> >> Find below a snip from my installworld: >> >> -------------------------------------------------------------- >> >>> Installing everything >> -------------------------------------------------------------- >> cd /usr/src; make -f Makefile.inc1 install >> ===> share/info (install) >> ===> lib (install) >> ===> lib/csu/i386-elf (install) >> install -o root -g wheel -m 444 crt1.o crti.o crtn.o gcrt1.o >> /usr/lib >> ===> lib/libc (install) >> install -C -o root -g wheel -m 444 libc.a /usr/lib >> install -C -o root -g wheel -m 444 libc_p.a /usr/lib >> install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib >> ^C >> >> >> My concern is with the last line which installs libc.so.7 and >> chflags it. >> >> I was running with securelevel 1 and got denied. >> I had to revert to the old kernel, change my securelevel, reinstall >> the new 7.2 kernel, then run my installworld. >> >> This hasn't caused me any other issue, but what will happen the day >> the libc.a or libc_p.a which are installed in the early steps of >> installworld become incompatible with the old kernel (if this is at >> all possible) ? >> >> I wouldn't have been able to boot anymore (this is a remote host). >> The server has a rescue system, but I think a lot of trouble could >> be saved by interrupting "make installworld" if we're running above >> securelevel 0. > > Although it's often safe to run installworld in multi user mode, it's > recommended to run it in single user mode to avoid issues like this. > From /usr/src/UPDATING: > > > make buildworld > make kernel KERNCONF=YOUR_KERNEL_HERE > [1] > [3] > mergemaster -p [5] > make installworld > make delete-old > mergemaster [4] > Still, I don't really see any obvious downsides to the suggestion. Maybe it could cause problems with jail updates? That's the only issue I've been able to think of...