On 04/30/13 19:43, Brett Glass wrote:
> When you use freebsd-update(8) in the usual manner, it fetches all of the
> source and binary updates necessary to bring the system up to the latest
> security patch level. When a userland binary is updated, it overwrites the
> source and binary. But when the kernel is updated, it moves /boot/kernel to
> /boot/kernel.old and then drops a GENERIC kernel into /boot/kernel. If
> there were no loadable modules in /boot/kernel at the start of the update,
> none are placed in /boot/kernel afterward. This is problematic, because
> the custom kernel that previously resided in /boot/kernel might have had some
> necessary modules built in... and they will not be available, either as
> compiled-in modules or as loadable modules, at the next reboot.
>
> To leave the system in a precarious state, where a power glitch could
> leave it unable to reboot, does not seem to me like a good idea. If
> /boot/GENERIC exists (which means that the administrator has built a custom
> kernel and saved the GENERIC kernel there), best to update /boot/GENERIC and
> leave the custom kernel in place, to be rebuilt if needed.

If you don't want freebsd-update to update your kernel, remove 'kernel' from
the 'Components' line in /etc/freebsd-update.conf.

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
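
The check implied by the reply above, as an added example that is not part of the thread or of freebsd-update itself: it flags a host that runs a custom kernel while `Components` still lists `kernel`, and prints the config with that entry removed. The function names, the `MYKERNEL` ident and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: names, the MYKERNEL ident and the sample file are constructed.

# Print each entry of the effective Components list, one per line.
components_of() {                      # $1 = path to a freebsd-update.conf
    sed -e 's/#.*$//' "$1" |
        awk '$1 == "Components" { for (i = 2; i <= NF; i++) print $i }'
}

# Succeed (0) when a non-GENERIC kernel is running and the config still
# lists kernel (or kernel/<sub>) as a component freebsd-update may replace.
kernel_at_risk() {                     # $1 = conf path, $2 = kernel ident
    [ "$2" != "GENERIC" ] || return 1
    components_of "$1" | grep -Eq '^kernel(/|$)'
}

# Write the config to stdout with kernel entries dropped from Components
# lines; other lines and trailing comments are passed through.
without_kernel() {                     # $1 = conf path
    awk '
        $1 == "Components" {
            out = $1; in_comment = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) in_comment = 1
                if (in_comment || $i !~ /^kernel(\/|$)/) out = out " " $i
            }
            print out; next
        }
        { print }
    ' "$1"
}

# Constructed sample modelled on the stock Components line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real system's file
Components src world kernel   # default-style line
EOF

# On FreeBSD the ident would come from `uname -i`; MYKERNEL is made up.
if kernel_at_risk "$sample" MYKERNEL; then
    echo "custom kernel MYKERNEL would be replaced by GENERIC; proposed config:"
    without_kernel "$sample"
fi
```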