From owner-freebsd-security@FreeBSD.ORG Thu Sep 18 13:37:44 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A6DFE16A4B3 for ; Thu, 18 Sep 2003 13:37:44 -0700 (PDT) Received: from thesocket.net (shell.thesocket.net [216.146.68.95]) by mx1.FreeBSD.org (Postfix) with ESMTP id A6FAE43FE1 for ; Thu, 18 Sep 2003 13:37:43 -0700 (PDT) (envelope-from macova@thesocket.net) Received: from tomek (unknown [216.146.68.239]) by thesocket.net (Postfix) with ESMTP id 1894C1B6 for ; Thu, 18 Sep 2003 15:37:36 -0500 (CDT) Message-ID: <010401c373fd$f86fc320$ef88d6d8@tomek> From: "Tomasz Makulski" To: References: <20030918122317.C82609-100000@kozubik.com> Date: Fri, 5 Sep 2003 15:35:09 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: Patching jails X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Sep 2003 20:37:44 -0000 mount_null -o ro /usr/src /jail/usr/src and then follow follow the regular procedure from inside the jail/chroot. PS you can always use rsync ;> Best Regards Tom ----- Original Message ----- From: "John Kozubik" To: "V. Jones" Cc: Sent: Thursday, September 18, 2003 12:28 PM Subject: Re: Patching jails > > Hello, > > On Thu, 18 Sep 2003, V. Jones wrote: > > > I'm going to apply the ssh patch. Applying it to the "real" server > > seems straightforward enough, but I'm wondering what the right procedure > > is to apply this patch to my jailed servers. > > No special procedure is necessary. Log into the jail, su to root, and > follow the instructions in the SA - they will work just fine. > > You may or may not have a populated /usr/src/secure though - you can get > it with cvsup, however it is faster and easier to simply tar up the > /usr/src/secure on the base system and untar it in the jail. I presume > this to be safe, as there should never be a version mismatch between the > base system and the jails running on it. > > The procedure in the sendmail SA that was released yesterday will also > work fine inside of a jail. Again, make sure you have /usr/src/usr.sbin > and /usr/src/lib, and so on in the jail. > > ----- > John Kozubik - john@kozubik.com - http://www.kozubik.com > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"