From mwm@mired.org  Sat Nov 25 22:03:50 2000
Return-Path: <mwm@mired.org>
Received: from guru.mired.org (okc-65-26-235-186.mmcable.com [65.26.235.186])
	by hub.freebsd.org (Postfix) with SMTP id A519437B4C5
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 25 Nov 2000 22:03:49 -0800 (PST)
Received: (qmail 89681 invoked by uid 100); 26 Nov 2000 06:03:48 -0000
Message-Id: <20001126060348.89680.qmail@guru.mired.org>
Date: 26 Nov 2000 06:03:48 -0000
From: mwm@mired.org
Reply-To: mwm@mired.org
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [PATCH] chflag failures when installing new kernels is now a FAQ.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         23106
>Category:       docs
>Synopsis:       [PATCH] chflag failures when installing new kernels is now a FAQ.
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 25 22:10:01 PST 2000
>Closed-Date:    Sun Nov 26 13:23:24 GMT 2000
>Last-Modified:  Sun Nov 26 13:24:11 GMT 2000
>Originator:     Mike Meyer
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Meyer Consulting
>Environment:
System: FreeBSD guru.mired.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Sun Nov 19 06:16:20 CST 2000 mwm@guru.mired.org:/usr/obj/sharetmp/src/sys/GURU i386


>Description:

	Poeple are coming to -questions wondering why the chflags command
	during a kernel install fails.

>How-To-Repeat:

	Hang out in -questions until you're tired of seeing this one.

>Fix:

Here's a FAQ entry

--- book.sgml	Fri Nov 17 04:19:58 2000
+++ /tmp/faq.sgml	Sat Nov 25 23:58:59 2000
@@ -6560,6 +6560,32 @@
             will be renamed to 4.1-STABLE.</para>
         </answer>
       </qandaentry>
+
+      <qandaentry>
+        <question id="kernel-chflag-failure">
+          <para>I tried to install a new kernel, and the chflags failed.
+	        How do I get around this?</para>
+        </question>
+
+        <answer>
+          <para>Short answer: You're probably at security level
+	        greater than 0. Reboot directly to single user mode to
+		install the kernel.</para>
+
+          <para>Long answer: FreeBSD disallows changing system flags
+		at security levels greater than 0. You can check your
+		security level with the command:</para>
+
+	  <screen>&prompt.root; <userinput>sysctl kern.securelevel</userinput></screen>
+
+	   <para>You cannot lower the security level; you have to boot
+	         to single mode to install the kernel, or change it in
+	         <filename>/etc/rc.conf</filename> then reboot. See the
+	         &man.init.8 man page for details on securelevel, and
+	         <filename>/etc/defaults/rc.conf</filename> for more
+	         information on rc.conf.</para>
+        </answer>
+      </qandaentry>
     </qandaset>
   </chapter>
 

>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: ben 
State-Changed-When: Sun Nov 26 13:23:24 GMT 2000 
State-Changed-Why:  
Committed (with minor modifications), thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=23106 
>Unformatted:
