On Fri, 5 Mar 2010 06:44:41 +0001 Jason McIntyre <j...@kerhand.co.uk>
wrote:
> On Thu, Mar 04, 2010 at 06:56:30PM -0800, J.C. Roberts wrote:
> > The deleted statement is not true for i386 (probably "no longer"
> > true) and similar statements are in the BUGS section (rather than
> > the main body) of the installboot.8 man pages for other archs. The
> > statements about securelevel requirements in the other archs are
> > often somewhat different than i386.
> >
> > At present I only have i386 running so I'm unable to test
> > alpha
> > amd64
> > mvme68k
> > mvme88k
> > mvmeppc
> > sparc
> > sparc64
> >
> > If you have any of the above archs running, please see if you can
> > run installboot at the default securelevel 1 or higher. At least
> > for i386, it seems this "bug" got fixed somewhere along the lines
> > but the man page was not updated to reflect reality.
> >
>
> just to check: installboot(8) says:
>
> Note that you must be in single-user mode or have your
> kernel in insecure mode (see the sysctl(8) kern.securelevel
> variable or /etc/rc.securelevel) to enable access to the
> raw partition of a mounted disk.
>
> that ties in with securelevel(7):
>
> 1 Secure mode
> - raw disk devices of mounted file systems are
> read-only
>
> so, securelevel(7) is wrong too?
> jmc
>
Yes, it's wrong for i386. But other archs might vary?
For example, after booting multi-user normally (securelevel 1), one
can make a bootable floppy the hard way:
# fdisk -iy fd0
# disklabel -w fd0 floppy
# newfs -t ffs -m 0 -o space -f 1024 -b 8192 -i 1048575 -c 2880 -s \
> 2880 /dev/rfd0a fsck -fp /dev/fd0a
# mount /dev/fd0a /mnt
# cp /usr/mdec/boot /mnt/.
# cp /arc/test/bsd /mnt/.
# /usr/mdec/installboot -v /mnt/boot /usr/mdec/biosboot /dev/rfd0c
# umount /dev/fd0a
# fsck -fp /dev/fd0a
installboot is writing to /dev/rwd0c when it is mounted.
I don't have the exact commands handy, but I did a similar test of
installboot on the primary boot hard disk (wd0) of a system after
booting the system normally into multi-user. The results were the
same. I did it just to make sure. This was harsh test with the
possibility of data loss, so I wouldn't suggest it for testing the
other archs.
If you "boot into" single user mode (`boot> boot -s`), your disk
will be mounted read only on startup. Well, to be accurate, only the
root partition will be mounted, and it will be read-only.
On the hand, if you use another way to drop the securelevel, such as
booting multi-user normally and then sending a TERM signal to init(8),
in this case your disks remain mounted rw.
Hence the need to also remove the "See Other init8)" from the i386
installboot.8 man page.
I'm running the 4.7-beta GENERIC #539 Feb 26 i386 snapshot...
*** My only concern is the snapshot kernel *might* have something
*** important turned off/on for debugging purposes which makes the
*** above possible when normally it's not possible?
jon
