[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
veriexec mishap after system update
I think that the veriexec subsystem should somehow be integrated with
the update procedure.
After a system upgrade, I forgot (although I usually do) to re-run
veriexecgen and I ended up with an unusable system. During boot, some
binaries, which were updated, generated hash mismatches (reasonable)
and I couldn't even login. I had to hard reset the system, boot up
single user mode, fsck my partitions, edit rc.conf to not load
veriexec, reboot, regenerate the hashes and enable it again in
It is doable, it's just inconvenient. I think it should be documented
or perhaps be automated in some way.
Main Index |
Thread Index |