Date: Thu, 15 Aug 2002 23:41:35 -0600 From: "Jim McAtee" <jmcatee@mediaodyssey.com> To: "Annelise Anderson" <andrsn@andrsn.stanford.edu> Cc: <freebsd-newbies@FreeBSD.ORG> Subject: Re: Can't install custom kernel Message-ID: <049301c244e7$9578c7d0$272fa8ce@jim> References: <Pine.BSF.4.10.10208152214380.71088-100000@andrsn.stanford.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message -----
From: "Annelise Anderson" <andrsn@andrsn.stanford.edu>
To: "Jim McAtee" <jmcatee@mediaodyssey.com>
Cc: <freebsd-newbies@FreeBSD.ORG>
Sent: Thursday, August 15, 2002 11:19 PM
Subject: Re: Can't install custom kernel
> On Thu, 15 Aug 2002, Jim McAtee wrote:
>
> > When I attempt to do
> >
> > # make installkernel KERNCONF=MYKERN
> >
> > I run into errors renaming the kernel files because of the
kern_securelevel
> > I've set (which is 2). My understanding is that if I boot into single
user
> > mode, then I should be able to get around this. However, I get the same
> > error in single user mode.
> >
> > I believe I could just set the kern_securelevel to a lower level, reboot
and
> > install the new kernel, but first I'd like to understand what's wrong.
> >
>
> Actually nothing is wrong! Your securelevel is high enough that it does
> not allow you to change system files. Turn off setting a securelevel in
> /etc/rc.conf (after you boot into single user mode) and then reboot.
> That's what the securelevel is supposed to do--prevent a new kernel (or
> any other system files) being installed unless you're at the console and
> can reboot into single user mode and change the securelevel.
I think the reason for my confusion lies in the somewhat contradictory
information that I've read in different places regarding this issue.
From the FAQ:
-------------------------------------------------------------------
10.26. I tried to install a new kernel, and the chflags failed. How do I get
around this?
Short answer: You are probably at security level greater than 0. Reboot
directly to single user mode to install the kernel.
Long answer: FreeBSD disallows changing system flags at security levels
greater than 0. You can check your security level with the command:
# sysctl kern.securelevel
You cannot lower the security level; you have to boot to single mode to
install the kernel, or change the security level in /etc/rc.conf then
reboot. See the init(8) manual page for details on securelevel, and see
/etc/defaults/rc.conf and the rc.conf(5) manual page for more information on
rc.conf.
-------------------------------------------------------------------
Boot to single mode _or_ change the security level. Either poorly worded or
just plain wrong.
Jim
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-newbies" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?049301c244e7$9578c7d0$272fa8ce>