From nobody@FreeBSD.org  Tue Jul 17 10:00:36 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 5454E37B405
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 17 Jul 2001 10:00:36 -0700 (PDT)
	(envelope-from nobody@FreeBSD.org)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f6HH0a545623;
	Tue, 17 Jul 2001 10:00:36 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200107171700.f6HH0a545623@freefall.freebsd.org>
Date: Tue, 17 Jul 2001 10:00:36 -0700 (PDT)
From: Roger Allan <rallan@pobox.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Can't install configured kernel with 'make install' after the second time
X-Send-Pr-Version: www-1.0

>Number:         29043
>Category:       conf
>Synopsis:       Can't install configured kernel with 'make install' after the second time
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    roam
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 17 10:10:00 PDT 2001
>Closed-Date:    Wed Jul 18 06:14:23 PDT 2001
>Last-Modified:  Wed Jul 18 06:15:02 PDT 2001
>Originator:     Roger Allan
>Release:        4.3-RELASE #1
>Organization:
>Environment:
FreeBSD roobar.jmorph.com 4.3-RELEASE FreeBSD 4.3-RELEASE #1: Tu Jul 17 23:26:41 CDT 2001   root@roobar.jmorph.com:/usr/src/sys/compile/ROOBAR	i386
>Description:
I reconfigured the kernel and installed it using "make isntall"
(from usr/src/sys/compile/ROOBAR). I reconfigured the kernel a second
time and got from the make command a:
chflags: /kernel: Operation not permitted
I tried all sorts of commands and variations of chflags, ch*, rm, mv,
etc and with no success.
There appears to be no way to remove a broken kernel from the system.

>How-To-Repeat:
configure a new kernel and build twice with a 'make install' from
/usr/src/sys/compile/<KERNEL-NAME>.  As install sets the schg flag on
the kernel and is unable to undo it.
>Fix:
'chflags noschg /kernel' is not working at all.  Either avoid using the
"make install" or edit the makefile and remove the '-fschg' from the
install commands.  If this is too late, edit the /boot/loader.conf and
add the line: "kernel=<my-new-kernel>".

>Release-Note:
>Audit-Trail:

From: Peter Pentchev <roam@orbitel.bg>
To: Roger Allan <rallan@pobox.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/29043: Can't install configured kernel with 'make install' after the second time
Date: Wed, 18 Jul 2001 09:48:32 +0300

 On Tue, Jul 17, 2001 at 10:00:36AM -0700, Roger Allan wrote:
 > 
 > >Number:         29043
 > >Category:       conf
 > >Synopsis:       Can't install configured kernel with 'make install' after the second time
 > >Organization:
 > >Environment:
 > FreeBSD roobar.jmorph.com 4.3-RELEASE FreeBSD 4.3-RELEASE #1: Tu Jul 17 23:26:41 CDT 2001   root@roobar.jmorph.com:/usr/src/sys/compile/ROOBAR	i386
 > >Description:
 > I reconfigured the kernel and installed it using "make isntall"
 > (from usr/src/sys/compile/ROOBAR). I reconfigured the kernel a second
 > time and got from the make command a:
 > chflags: /kernel: Operation not permitted
 > I tried all sorts of commands and variations of chflags, ch*, rm, mv,
 > etc and with no success.
 > There appears to be no way to remove a broken kernel from the system.
 > 
 > >How-To-Repeat:
 > configure a new kernel and build twice with a 'make install' from
 > /usr/src/sys/compile/<KERNEL-NAME>.  As install sets the schg flag on
 > the kernel and is unable to undo it.
 > >Fix:
 > 'chflags noschg /kernel' is not working at all.  Either avoid using the
 > "make install" or edit the makefile and remove the '-fschg' from the
 > install commands.  If this is too late, edit the /boot/loader.conf and
 > add the line: "kernel=<my-new-kernel>".
 
 Are you running in a securelevel 1 or higher?  The init(8) manual page
 (which is also brought up when you do 'man securelevel') clearly
 documents that at securelevel 1, immutable flags cannot be turned off.
 
 Try dropping to single-user mode, and doing chflags noschg /kernel,
 then follow up to this PR (by sending mail to freebsd-gnats-submit@FreeBSD.org
 with the same Subject line) with the results: did chflags(1) give
 an error message, did ls -lo /kernel after the chflags still show
 an schg flag, how did the 'make install' process go..
 
 G'luck,
 Peter
 
 -- 
 When you are not looking at it, this sentence is in Spanish.
State-Changed-From-To: open->feedback 
State-Changed-By: roam 
State-Changed-When: Tue Jul 17 23:58:11 PDT 2001 
State-Changed-Why:  
Trying to determine whether the chflags 'permission denied' error 
did not result from the submitter running it in securelevel >= 1. 


Responsible-Changed-From-To: freebsd-bugs->roam 
Responsible-Changed-By: roam 
Responsible-Changed-When: Tue Jul 17 23:58:11 PDT 2001 
Responsible-Changed-Why:  
I'll take care of the feedback. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=29043 

From: Roger Allan <rallan9@swbell.net>
To: Peter Pentchev <roam@orbitel.bg>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: conf/29043: Can't install configured kernel with 'make install'
 after the second time
Date: Wed, 18 Jul 2001 07:40:44 -0500

 Yes, I was at a high level of security.  I brought it down to the lowest
 level and
 presto!  Please close this bug.
 
 Thanks for the help  It is greatly appreciated!
 
 Roger
 
 ----- Original Message -----
 From: "Peter Pentchev" <roam@orbitel.bg>
 To: "Roger Allan" <rallan@pobox.com>
 Cc: <freebsd-gnats-submit@FreeBSD.org>
 Sent: Wednesday, July 18, 2001 1:48 AM
 Subject: Re: conf/29043: Can't install configured kernel with 'make install'
 after the second time
 
 
 > On Tue, Jul 17, 2001 at 10:00:36AM -0700, Roger Allan wrote:
 > >
 > > >Number:         29043
 > > >Category:       conf
 > > >Synopsis:       Can't install configured kernel with 'make install'
 after the second time
 > > >Organization:
 > > >Environment:
 > > FreeBSD roobar.jmorph.com 4.3-RELEASE FreeBSD 4.3-RELEASE #1: Tu Jul 17
 23:26:41 CDT 2001   root@roobar.jmorph.com:/usr/src/sys/compile/ROOBAR i386
 > > >Description:
 > > I reconfigured the kernel and installed it using "make isntall"
 > > (from usr/src/sys/compile/ROOBAR). I reconfigured the kernel a second
 > > time and got from the make command a:
 > > chflags: /kernel: Operation not permitted
 > > I tried all sorts of commands and variations of chflags, ch*, rm, mv,
 > > etc and with no success.
 > > There appears to be no way to remove a broken kernel from the system.
 > >
 > > >How-To-Repeat:
 > > configure a new kernel and build twice with a 'make install' from
 > > /usr/src/sys/compile/<KERNEL-NAME>.  As install sets the schg flag on
 > > the kernel and is unable to undo it.
 > > >Fix:
 > > 'chflags noschg /kernel' is not working at all.  Either avoid using the
 > > "make install" or edit the makefile and remove the '-fschg' from the
 > > install commands.  If this is too late, edit the /boot/loader.conf and
 > > add the line: "kernel=<my-new-kernel>".
 >
 > Are you running in a securelevel 1 or higher?  The init(8) manual page
 > (which is also brought up when you do 'man securelevel') clearly
 > documents that at securelevel 1, immutable flags cannot be turned off.
 >
 > Try dropping to single-user mode, and doing chflags noschg /kernel,
 > then follow up to this PR (by sending mail to
 freebsd-gnats-submit@FreeBSD.org
 > with the same Subject line) with the results: did chflags(1) give
 > an error message, did ls -lo /kernel after the chflags still show
 > an schg flag, how did the 'make install' process go..
 >
 > G'luck,
 > Peter
 >
 > --
 > When you are not looking at it, this sentence is in Spanish.
 >
 
State-Changed-From-To: feedback->closed 
State-Changed-By: roam 
State-Changed-When: Wed Jul 18 06:14:23 PDT 2001 
State-Changed-Why:  
Pilot error: the system was running at a high securelevel. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=29043 
>Unformatted:
