From owner-freebsd-stable@FreeBSD.ORG  Wed Apr 20 21:28:12 2005
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CF03316A4CE
	for <freebsd-stable@freebsd.org>;
	Wed, 20 Apr 2005 21:28:12 +0000 (GMT)
Received: from smtp809.mail.sc5.yahoo.com (smtp809.mail.sc5.yahoo.com
	[66.163.168.188])
	by mx1.FreeBSD.org (Postfix) with SMTP id 5C39943D41
	for <freebsd-stable@freebsd.org>;
	Wed, 20 Apr 2005 21:28:12 +0000 (GMT)
	(envelope-from noackjr@alumni.rice.edu)
Received: from unknown (HELO optimator.noacks.org)
	(noacks@swbell.net@70.240.205.64 with login)
	by smtp809.mail.sc5.yahoo.com with SMTP; 20 Apr 2005 21:28:11 -0000
Received: from localhost (localhost [127.0.0.1])
	by optimator.noacks.org (Postfix) with ESMTP id AE742612B;
	Wed, 20 Apr 2005 16:28:08 -0500 (CDT)
Received: from optimator.noacks.org ([127.0.0.1])
 by localhost (optimator.noacks.org [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 31319-10-2; Wed, 20 Apr 2005 16:28:07 -0500 (CDT)
Received: from compgeek.noacks.org (compgeek [192.168.1.10])
	by optimator.noacks.org (Postfix) with ESMTP id 75F2B6109;
	Wed, 20 Apr 2005 16:28:07 -0500 (CDT)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	by compgeek.noacks.org (8.13.3/8.13.3) with ESMTP id j3KLS6rC039574;
	Wed, 20 Apr 2005 16:28:07 -0500 (CDT)
	(envelope-from noackjr@alumni.rice.edu)
Message-ID: <4266C966.90701@alumni.rice.edu>
Date: Wed, 20 Apr 2005 16:28:06 -0500
From: Jon Noack <noackjr@alumni.rice.edu>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050406)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ronald Klop <ronald-freebsd8@klop.yi.org>
References: <opspjrxucr8527sy@smtp.local>
In-Reply-To: <opspjrxucr8527sy@smtp.local>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: amavisd-new at noacks.org
cc: freebsd-stable@freebsd.org
Subject: Re: securelevel and make installworld
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: noackjr@alumni.rice.edu
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Apr 2005 21:28:12 -0000

On 04/20/05 15:16, Ronald Klop wrote:
> Can make installworld complain on startup if I try to run it with  
> securelevel > 0.
> It will fail half way through on some files with nochg flags or 
> something  like that.

Design feature:
'schg' is the system immutable flag.  Some system files are installed 
with 'schg' for security reasons; installworld must remove this flag in 
order to install a new version of these files.  However, when 
securelevel > 0 system immutable flags may not be turned off (see 
init(8)).  An attempt to remove the system immutable flag (set 'noschg') 
will therefore fail.  As a result, installworld fails.

Canonical answer:
Reboot into single user mode to perform the installworld as documented 
in UPDATING and section 19.4.1 of the handbook.

Regards,
Jon