Date: Sat, 06 Jun 2009 11:42:07 -0400
From: Lowell Gilbert <freebsd-stable-local@be-well.ilk.org>
To: Bruce Cran <bruce@cran.org.uk>
Cc: FLEURIOT Damien <ml@my.gd>, freebsd-stable@freebsd.org
Subject: Re: make installworld and securelevel
Message-ID: <44d49hbc8g.fsf@lowell-desk.lan>
In-Reply-To: <20090606010058.2bd884b0@gluon.draftnet> (Bruce Cran's message of "Sat, 6 Jun 2009 01:00:58 +0100")
References: <20090605154544.GA1855@sd-13813.dedibox.fr> <20090605233507.42ee1c96@gluon.draftnet> <44prdimhh2.fsf@lowell-desk.lan> <20090606010058.2bd884b0@gluon.draftnet>

Bruce Cran <bruce@cran.org.uk> writes:

> On Fri, 05 Jun 2009 18:41:13 -0400
> Lowell Gilbert <freebsd-stable-local@be-well.ilk.org> wrote:
>
>> Bruce Cran <bruce@cran.org.uk> writes:
>>
>> > On Fri, 5 Jun 2009 17:45:50 +0200
>> > FLEURIOT Damien <ml@my.gd> wrote:
>> >
>> >>
>> >> Hello list,
>> >>
>> >>
>> >> I apologize if this issue has been raised already but I couldn't
>> >> find it anywhere.
>> >>
>> >>
>> >> Find below a snip from my installworld:
>> >>
>> >> --------------------------------------------------------------
>> >> >>> Installing everything
>> >> --------------------------------------------------------------
>> >> cd /usr/src; make -f Makefile.inc1 install
>> >> ===> share/info (install)
>> >> ===> lib (install)
>> >> ===> lib/csu/i386-elf (install)
>> >> install -o root -g wheel -m 444 crt1.o crti.o crtn.o gcrt1.o
>> >> /usr/lib
>> >> ===> lib/libc (install)
>> >> install -C -o root -g wheel -m 444 libc.a /usr/lib
>> >> install -C -o root -g wheel -m 444 libc_p.a /usr/lib
>> >> install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib
>> >> ^C
>> >>
>> >>
>> >> My concern is with the last line which installs libc.so.7 and
>> >> chflags it.
>> >>
>> >> I was running with securelevel 1 and got denied.
>> >> I had to revert to the old kernel, change my securelevel, reinstall
>> >> the new 7.2 kernel, then run my installworld.
>> >>
>> >> This hasn't caused me any other issue, but what will happen the day
>> >> the libc.a or libc_p.a which are installed in the early steps of
>> >> installworld become incompatible with the old kernel (if this is at
>> >> all possible) ?
>> >>
>> >> I wouldn't have been able to boot anymore (this is a remote host).
>> >> The server has a rescue system, but I think a lot of trouble could
>> >> be saved by interrupting "make installworld" if we're running above
>> >> securelevel 0.
>> >
>> > Although it's often safe to run installworld in multi user mode,
>> > it's recommended to run it in single user mode to avoid issues like
>> > this. From /usr/src/UPDATING:
>> >
>> > <make sure you have good level 0 dumps>
>> > make buildworld
>> > make kernel KERNCONF=YOUR_KERNEL_HERE
>> > [1]
>> > <reboot in single user> [3]
>> > mergemaster -p [5]
>> > make installworld
>> > make delete-old
>> > mergemaster [4]
>> > <reboot>
>>
>> Still, I don't really see any obvious downsides to the suggestion.
>> Maybe it could cause problems with jail updates? That's the only
>> issue I've been able to think of...
>>
>
> If you do both the installkernel and installworld at the same time and
> the new kernel doesn't boot, then you may not be able to boot with the
> old kernel because the new userland may be incompatible.

The original suggestion wasn't to skip the reboot, but rather to stop
the user from doing an installworld under a raised securelevel. I
don't consider it important, because the recommended upgrade path is
to do the installworld in single-user mode, but by the same token I
don't see any real harm.
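
Added example (not part of the original message or of the FreeBSD build system): a pre-flight check along the lines suggested in this thread, which refuses to proceed when the securelevel is above 0 and the install lines include files installed with the schg flag. The function names, the sample log and the choice to read install lines from stdin are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: install(1) lines in the format quoted in the message.
SAMPLE_LOG='install -C -o root -g wheel -m 444 libc.a /usr/lib
install -C -o root -g wheel -m 444 libc_p.a /usr/lib
install -s -o root -g wheel -m 444 -fschg -S libc.so.7 /lib'

# schg_targets (hypothetical helper): read install(1) command lines on
# stdin and print the destination of each one that asks for the schg
# flag, written either as "-fschg" or as "-f schg[,other]".
# Assumes one source file per line followed by the target directory,
# as in the libc.so.7 line above.
schg_targets() {
    awk '$1 == "install" {
        hit = 0
        for (i = 2; i <= NF; i++) {
            f = ""
            if ($i == "-f" && i < NF) { f = $(i + 1) } else if ($i ~ /^-f./) { f = substr($i, 3) }
            if (("," f ",") ~ /,schg,/) hit = 1
        }
        if (hit) print $NF "/" $(NF - 1)
    }'
}

# preflight (hypothetical helper): return 0 if the install may proceed,
# 1 if it should be refused.
#   $1    securelevel to test; defaults to the running kernel's value
#   stdin install lines to inspect
# With a securelevel of 1 or higher the system immutable flag cannot be
# turned off, so an already-installed schg file cannot be replaced.
preflight() {
    level=${1:-$(sysctl -n kern.securelevel)}
    targets=$(schg_targets)
    if [ "$level" -ge 1 ] && [ -n "$targets" ]; then
        echo "securelevel $level: refusing, schg files would be replaced:" >&2
        echo "$targets" >&2
        return 1
    fi
    return 0
}
```

Feeding it the install lines from an earlier installworld log, for example `preflight < install.log && make installworld`, stops before the first file is touched instead of failing part-way through at libc.so.7.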