[PATCH] securelevel and make installworld

Wed, 20 Apr 2005 15:51:26 -0700

On 04/20/05 16:56, Ronald Klop wrote:
On Wed, 20 Apr 2005 16:28:06 -0500, Jon Noack <[EMAIL PROTECTED]> wrote:
On 04/20/05 15:16, Ronald Klop wrote:
Can make installworld complain on startup if I try to run it with securelevel > 0.
It will fail half way through on some files with nochg flags or something like that.

Design feature:
'schg' is the system immutable flag. Some system files are installed with 'schg' for security reasons; installworld must remove this flag in order to install a new version of these files. However, when securelevel > 0 system immutable flags may not be turned off (see init(8)). An attempt to remove the system immutable flag (set 'noschg') will therefore fail. As a result, installworld fails.

Canonical answer:
Reboot into single user mode to perform the installworld as documented in UPDATING and section 19.4.1 of the handbook.

I understand the problem, otherwise I wouldn't have securelevel > 0. Doing a remote install in single user mode isn't always possible.
And than it isn't very nice to break the installworld with an error. Using the idea of 'fail early' it would be very nice too have a check for securelevel in the installworld Makefile.

The attached diff is against -CURRENT but applies cleanly to 5.4-RC3. It adds a check to the installworld target in src/Makefile.inc1 to ensure we are not in secure mode.

This is just a quick hack; there may be a better way to do this (with SPECIAL_INSTALLCHECKS perhaps?).

Regards,
Jon

Index: Makefile.inc1
===================================================================
RCS file: /home/ncvs/src/Makefile.inc1,v
retrieving revision 1.492
diff -u -r1.492 Makefile.inc1
--- Makefile.inc1	6 Apr 2005 01:55:43 -0000	1.492
+++ Makefile.inc1	20 Apr 2005 22:39:27 -0000
@@ -471,6 +471,18 @@
 kernel-toolchain: ${TOOLCHAIN_TGTS:N_includes:N_libraries}
 
 #
+# checksecurelevel
+#
+# Ensures that the system is not running in secure mode.
+#
+SECURELEVEL!=	sysctl -n kern.securelevel
+checksecurelevel:
+.if ${SECURELEVEL} > 0
+	@echo "ERROR: securelevel = ${SECURELEVEL}; cannot proceed in secure mode."
+	false
+.endif
+
+#
 # Use this to add checks to installworld/installkernel targets.
 #
 SPECIAL_INSTALLCHECKS=
@@ -513,7 +525,7 @@
 #
 # Installs everything compiled by a 'buildworld'.
 #
-distributeworld installworld: installcheck
+distributeworld installworld: checksecurelevel installcheck
 	mkdir -p ${INSTALLTMP}
 	for prog in [ awk cap_mkdb cat chflags chmod chown \
 	    date echo egrep find grep \

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to