From owner-freebsd-newbies Thu Aug 15 22:41:36 2002 Delivered-To: freebsd-newbies@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 69CDF37B400 for ; Thu, 15 Aug 2002 22:41:32 -0700 (PDT) Received: from mail.mediaodyssey.com (mail.mediaodyssey.com [206.168.47.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id EA06843E72 for ; Thu, 15 Aug 2002 22:41:31 -0700 (PDT) (envelope-from jmcatee@mediaodyssey.com) Received: from jim (unverified [206.168.47.39]) by mail.mediaodyssey.com (Rockliffe SMTPRA 4.5.6) with SMTP id ; Thu, 15 Aug 2002 23:41:31 -0600 Message-ID: <049301c244e7$9578c7d0$272fa8ce@jim> From: "Jim McAtee" To: "Annelise Anderson" Cc: References: Subject: Re: Can't install custom kernel Date: Thu, 15 Aug 2002 23:41:35 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-freebsd-newbies@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Annelise Anderson" To: "Jim McAtee" Cc: Sent: Thursday, August 15, 2002 11:19 PM Subject: Re: Can't install custom kernel > On Thu, 15 Aug 2002, Jim McAtee wrote: > > > When I attempt to do > > > > # make installkernel KERNCONF=MYKERN > > > > I run into errors renaming the kernel files because of the kern_securelevel > > I've set (which is 2). My understanding is that if I boot into single user > > mode, then I should be able to get around this. However, I get the same > > error in single user mode. > > > > I believe I could just set the kern_securelevel to a lower level, reboot and > > install the new kernel, but first I'd like to understand what's wrong. > > > > Actually nothing is wrong! Your securelevel is high enough that it does > not allow you to change system files. Turn off setting a securelevel in > /etc/rc.conf (after you boot into single user mode) and then reboot. > That's what the securelevel is supposed to do--prevent a new kernel (or > any other system files) being installed unless you're at the console and > can reboot into single user mode and change the securelevel. I think the reason for my confusion lies in the somewhat contradictory information that I've read in different places regarding this issue. From the FAQ: ------------------------------------------------------------------- 10.26. I tried to install a new kernel, and the chflags failed. How do I get around this? Short answer: You are probably at security level greater than 0. Reboot directly to single user mode to install the kernel. Long answer: FreeBSD disallows changing system flags at security levels greater than 0. You can check your security level with the command: # sysctl kern.securelevel You cannot lower the security level; you have to boot to single mode to install the kernel, or change the security level in /etc/rc.conf then reboot. See the init(8) manual page for details on securelevel, and see /etc/defaults/rc.conf and the rc.conf(5) manual page for more information on rc.conf. ------------------------------------------------------------------- Boot to single mode _or_ change the security level. Either poorly worded or just plain wrong. Jim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message