From owner-freebsd-jail@FreeBSD.ORG Mon Aug 24 03:11:55 2009
From: Jose Amengual
To: Alexander Leidinger
Cc: freebsd-jail@freebsd.org
Date: Sun, 23 Aug 2009 20:11:52 -0700
Subject: Re: Best practice to update jails

I was thinking of maintaining the same branch 7.x. I know that a major
upgrade could break too many things, so I will use another procedure for
that.

But it looks like it will be better to update using cvsup like I always
did.

Thanks.

On 22-Aug-09, at 9:40 AM, Alexander Leidinger wrote:

> On Thu, 20 Aug 2009 11:50:49 -0700 Jose Amengual wrote:
>
>> The server is now 7.0 and was wondering what is the best practice to
>> maintain security patches and kernel updates and I came up with the
>> following idea :
>>
>> 1.- freebsd-update fetch install ( host system)
>> 2.- rebuild kernel ( I have a custom kernel )
>> 3.- ezjail-update -b ( update basejail for all jails )
>> 4.- run in cron portaudit on the jails for third party security
>> updates
>> 5.- run portupgrade in case of a security update or for apps
>> upgrade on the jails.
>>
>> I read in some forums that if you run freebsd-update you will need to
>> do a portupgrade -fa to reinstall all the third party apps because
>> freebsd-update could upgrade or remove some libraries linked to
>> that programs, is this true ?, will be better to run a cvsup and
>> instead ?
>
> Not if you stay with the same major version of FreeBSD. If you update
> from 7 to 8, this may be possible (I don't know, I don't use
> freebsd-update, as I either run patched systems, or at least compile
> my own kernels), but if you update from 7.x to 7.y, then this would be
> an ABI change, which is very very very very much a no no in a
> stable-branch (only an important security fix would be allowed to do
> something like this, and only if nobody finds another way to do such
> a fix without changing the ABI).
>
> So if you stay on the same major version you can use your procedure,
> but read the release notes before, such a big impact change is
> announced on a stable branch. It may be the case that we had something
> like this once, but I do not remember which major version was
> affected.
>
> Bye,
> Alexander.

From owner-freebsd-jail@FreeBSD.ORG Mon Aug 24 11:06:59 2009
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Date: Mon, 24 Aug 2009 11:06:58 GMT
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

4 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Aug 24 15:27:54 2009
From: Tobias Lott
To: freebsd-jail@freebsd.org
Date: Mon, 24 Aug 2009 17:17:16 +0200
Subject: Accessing Unix-Sockets from Jails

Good Day

Just a short Question, I've noticed that I can access any Domain Socket
which is on the Host System within any Jail. OpenLDAP for example.

jail1% ldapsearch -b dc=example,dc=com
# extended LDIF
#
# LDAPv3
# base with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Reason why there is no Object is just because I haven't imported the ldif
yet. It's definitely not using tcp since slapd is bound to localhost (on
Host FreeBSD).

Anyway is that by Design or a Bug?

uname output:
FreeBSD quad.han.vpn.gamesnet.de 8.0-BETA2 FreeBSD 8.0-BETA2 #0 r196198: Fri Aug 14 00:22:42 CEST 2009 root@quad.han.vpn.gamesnet.de:/usr/obj/usr/src/sys/QUAD i386

Cheers
--
Tobias Lott

From owner-freebsd-jail@FreeBSD.ORG Mon Aug 24 16:13:02 2009
From: Stef Walter
To: Tobias Lott
Cc: freebsd-jail@freebsd.org
Date: Mon, 24 Aug 2009 16:13:02 -0000
Subject: Re: Accessing Unix-Sockets from Jails

Tobias Lott wrote:
> Good Day
>
> Just a short Question, I've noticed that I can access any Domain Socket
> which is on the Host System within any Jail. OpenLDAP for example.
>
> jail1% ldapsearch -b dc=example,dc=com

FWIW... slapd binds to 0.0.0.0 by default. Check 'sockstat -4' outside
the jail to get a definitive answer on where it's listening.

ldapsearch connects via TCP to localhost by default. Unless you've gone
out of your way to change the defaults, it's unlikely that unix domain
sockets are involved in this connection.

Cheers,

Stef

From owner-freebsd-jail@FreeBSD.ORG Tue Aug 25 18:26:59 2009
From: "Simon L. Nielsen"
To: Redd Vinylene
Cc: Jose Amengual, freebsd-jail@freebsd.org
Date: Tue, 25 Aug 2009 20:26:57 +0200
Subject: Re: Best practice to update jails

[Don't cc virtualization - no reason for cross post]

On 2009.08.20 22:10:36 +0200, Redd Vinylene wrote:
> On Thu, Aug 20, 2009 at 8:50 PM, Jose Amengual wrote:
>
> > I have a dev server for our developers that holds around 40 jails, each
> > jail has php, mysql, python etc.
> >
> > The server is now 7.0 and was wondering what is the best practice to
> > maintain security patches and kernel updates and I came up with the
> > following idea :
> >
> > 1.- freebsd-update fetch install ( host system)
> > 2.- rebuild kernel ( I have a custom kernel )
> > 3.- ezjail-update -b ( update basejail for all jails )
> > 4.- run in cron portaudit on the jails for third party security updates
> > 5.- run portupgrade in case of a security update or for apps upgrade on the
> > jails.
> >
> > I read in some forums that if you run freebsd-update you will need to do a
> > portupgrade -fa to reinstall all the third party apps because freebsd-update
> > could upgrade or remove some libraries linked to that programs, is this
> > true ?, will be better to run a cvsup and instead ?

There is no difference wrt. ports on freebsd-update and make world.
For major versions you need to recompile all ports, for minor versions
you don't.

Personally I use ezjail to manage a similar development setup, and I
recently upgraded 7.1 -> 7.2 using 'ezjail-admin install' (or
something like that). I quite often upgrade the host system and wait
with the jails so you don't have to do it all in one go (though it
might be simpler in).

Other people mention that "most people" use use based solutions - I'm
far from sure about that, at least unless you are running a modified
FreeBSD or not -RELEASE, there is generally not any reason to compile
it all yourself.

> here's how I do it, hope it helps: http://pastie.org/590295

This does make installworld into the jail from the host - it should be
mentioned that you should never do this if you use the jails for
security isolation as the jail root would likely be able to perform a
symlink attack. I haven't ever actually looked at how it could be
done, but installworld isn't made to be "secure" against such things.

--
Simon L. Nielsen

From owner-freebsd-jail@FreeBSD.ORG Tue Aug 25 18:52:27 2009
From: Eirik Øverby
To: Jose Amengual, freebsd-jail@freebsd.org
Date: Tue, 25 Aug 2009 20:36:13 +0200
Subject: Re: Best practice to update jails

On 20. aug. 2009, at 20.50, Jose Amengual wrote:

> Hi guys.
>
> I have a dev server for our developers that holds around 40 jails,
> each jail has php, mysql, python etc.
>
> The server is now 7.0 and was wondering what is the best practice to
> maintain security patches and kernel updates and I came up with the
> following idea :
>
> 1.- freebsd-update fetch install ( host system)
> 2.- rebuild kernel ( I have a custom kernel )
> 3.- ezjail-update -b ( update basejail for all jails )
> 4.- run in cron portaudit on the jails for third party security
> updates
> 5.- run portupgrade in case of a security update or for apps upgrade
> on the jails.

sysutils/jailctl uses a pre-built /usr/obj to upgrade jails using
installworld etc. Newer versions (not yet in ports) support using
'template jails'. The latter is what we use.

Basically the update procedure goes like this: freebsd-update the
template jail, freebsd-update the host, reboot. I have found
freebsd-update to be an incredible time-saver compared to
buildworld/installworld, and the IDS function included - despite not
being a really efficient IDS tripwire-style - is extremely useful for
us in determining which of our multiple-dozen jails need updates of
binaries or configuration.

/Eirik

> I read in some forums that if you run freebsd-update you will need to
> do a portupgrade -fa to reinstall all the third party apps because
> freebsd-update could upgrade or remove some libraries linked to
> that programs, is this true ?, will be better to run a cvsup and
> instead ?
>
> That are some points of my idea but reading on internet I finished
> more confused about how will be the best way to do this.
>
> any ideas will more appreciate.
>
> Thanks.

From owner-freebsd-jail@FreeBSD.ORG Wed Aug 26 12:18:06 2009
From: Jase Thew
To: freebsd-jail@freebsd.org
Date: Wed, 26 Aug 2009 13:02:03 +0100
Subject: Re: Best practice to update jails

On 25/08/2009 19:36, Eirik Øverby wrote:
> On 20. aug. 2009, at 20.50, Jose Amengual wrote:
>
>> Hi guys.
>>
>> I have a dev server for our developers that holds around 40 jails,
>> each jail has php, mysql, python etc.
>>
>> The server is now 7.0 and was wondering what is the best practice to
>> maintain security patches and kernel updates and I came up with the
>> following idea :
>>
>> 1.- freebsd-update fetch install ( host system)
>> 2.- rebuild kernel ( I have a custom kernel )
>> 3.- ezjail-update -b ( update basejail for all jails )
>> 4.- run in cron portaudit on the jails for third party security updates
>> 5.- run portupgrade in case of a security update or for apps upgrade
>> on the jails.
>
> sysutils/jailctl uses a pre-built /usr/obj to upgrade jails using
> installworld etc. Newer versions (not yet in ports) support using
> 'template jails'. The latter is what we use.
>
> Basically the update procedure goes like this: freebsd-update the
> template jail, freebsd-update the host, reboot. I have found
> freebsd-update to be an incredible time-saver compared to
> buildworld/installworld, and the IDS function included - despite not
> being a really efficient IDS tripwire-style - is extremely useful for
> us in determining which of our multiple-dozen jails need updates of
> binaries or configuration.
>
> /Eirik

ezjail can also utilise a pre-built /usr/obj to upgrade the base jail
and already uses a templating system, fwiw.

Jase.
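
The installworld warning in Simon L. Nielsen's message earlier in this thread comes down to host-side tools following symlinks that a jail's root user controls. As an added example (not code from any poster here, nor from ezjail or jailctl), this Python check lists symlinks under a jail root that resolve outside it when followed from the host. The function names and the sample tree are constructed for illustration, and the check assumes the jail is stopped, since a running jail's root can change links after the scan.

```python
import os
import tempfile


def escaping_symlinks(jail_root):
    """List symlinks under jail_root that leave it when followed from the host.

    Returns sorted (link path relative to the root, raw target, host-resolved
    path) tuples. realpath() follows the whole chain the way a host-side
    process would, so a link that only escapes via another link is caught.
    """
    root = os.path.realpath(jail_root)
    findings = []
    # followlinks=False: symlinked directories are listed but never entered.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # Dangling links still resolve to the path a write would create.
            resolved = os.path.realpath(path)
            inside = resolved == root or resolved.startswith(root + os.sep)
            if not inside:
                findings.append(
                    (os.path.relpath(path, root), os.readlink(path), resolved))
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed jail tree under base and return its root."""
    root = os.path.join(base, "jail")
    for d in ("etc", "tmp", os.path.join("usr", "lib")):
        os.makedirs(os.path.join(root, d))
    open(os.path.join(root, "etc", "passwd"), "w").close()
    # Relative link that stays inside the jail: not reported.
    os.symlink("passwd", os.path.join(root, "etc", "master.link"))
    # Absolute link: inside the jail it means <jail>/etc, on the host /etc.
    os.symlink("/etc", os.path.join(root, "tmp", "abs"))
    # Relative link with enough ".." components to climb out of the root.
    os.symlink("../../../outside",
               os.path.join(root, "usr", "lib", "libfoo.so"))
    # "up" points at the jail root itself (inside), but "chain" goes through
    # it and then one level higher; a purely lexical check would miss this.
    os.symlink("..", os.path.join(root, "etc", "up"))
    os.symlink("up/../escaped", os.path.join(root, "etc", "chain"))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for rel, target, resolved in escaping_symlinks(build_sample_tree(base)):
            print(f"{rel} -> {target} (host resolves to {resolved})")
```

An empty result only describes the tree at scan time; it does not make a later host-side install into that tree safe while the jail is running.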

From owner-freebsd-jail@FreeBSD.ORG Wed Aug 26 19:24:16 2009
From: Stef Walter
To: stef@memberwebs.com
Cc: freebsd-jail@FreeBSD.org
Date: Wed, 26 Aug 2009 19:24:16 -0000
Subject: Re: crontab hanging won't die on SIGTERM in jail

Stef Walter wrote:
> Michael Scheidell wrote:
>> anyone having problems during an in jail shutdown with crontab hanging?
>> I have seen this in 6.4 and 7.1, on i386 and amd64.
>> I don't remember problems with 6.3
>
> I see this same problem in certain jails. A jail that has this problem
> does it consistently, jails without the problem (on the same machine,
> same FreeBSD userland/kernel) don't have the problem consistently.

Turns out (for me) the bug was in jailutils, and occurred when the jail
had been restarted from inside the jail using the jkill (or
appropriately configured reboot) command.

I've released a new version of jailutils (1.6) that fixes this problem.

Cheers,

Stef

From owner-freebsd-jail@FreeBSD.ORG Wed Aug 26 19:32:05 2009
From: Michael Scheidell
To: stef@memberwebs.com
Cc: freebsd-jail@FreeBSD.org
Date: Wed, 26 Aug 2009 15:32:32 -0400
Subject: Re: crontab hanging won't die on SIGTERM in jail

you the jailutils guy? thanks, good stuff.
(been meaning to ask why certain options that work outside of jail don't
work inside also)

thanks for finding this. really flustered. (but sigkill works also!)

Stef Walter wrote:
> Stef Walter wrote:
>
>> Michael Scheidell wrote:
>>
>>> anyone having problems during an in jail shutdown with crontab hanging?
>>> I have seen this in 6.4 and 7.1, on i386 and amd64.
>>> I don't remember problems with 6.3
>>>
>> I see this same problem in certain jails. A jail that has this problem
>> does it consistently, jails without the problem (on the same machine,
>> same FreeBSD userland/kernel) don't have the problem consistently.
>>
>
> Turns out (for me) the bug was in jailutils, and occurred when the jail
> had been restarted from inside the jail using the jkill (or
> appropriately configured reboot) command.
>
> I've released a new version of jailutils (1.6) that fixes this problem.
>
> Cheers,
>
> Stef

--
Michael Scheidell, CTO
SECNAP Network Security Corporation