Date:      Fri, 20 Apr 2001 18:57:16 +0200
From:      "Henk Wevers" <henk@home.cg.nu>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   RE: jail upgrade
Message-ID:  <MPEPKFEAILKHINDACAIOGENOCBAA.henk@home.cg.nu>
In-Reply-To: <827788228.20010420230434@morning.ru>

I update a jail like this

Make a new jail, let's call it JAIL.
cd JAIL
rm -rf etc/ var/run var/log var/db/locate.database var/db/mounttab # leave port.mkversion alone!
rm -rf root/ usr/share/


Kill the jail you want to update, the jail should not be active while
updating!!
cp -Rp JAIL/* /where/your/jail/is/

Restart the jail again.
If you are upgrading from FreeBSD 4.1x early and FreeBSD 4.2-? also update
the /etc/pam.conf.

Henk Wevers
Working on http://jailnotes.cg.nu (please give comments)




-----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Igor Podlesny
Sent: Friday 20 April 2001 18:05
To: kj
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: jail upgrade



k> Hey, all.

k> I have two jails on my server.

k> When I do a make world on the actual OS, does it matter if I upgrade the
k> jails as well?
I don't think so... imho, jails run application software basically --
so, it's okay... nevertheless, nothing could really prevent you from
creating some script upgrading executables with keeping their jail's
original modes, I deem. (Just seeking through specified dirs and
comparing EXEs or just their sizes/mtimes)

k>  I have changed a lot of file/dir permissions and so on, and
k> would rather just leave the jail file systems alone. I am just wondering
k> if I don't upgrade the jails, would things start to break?

k> Thanks,

k> K.J.

p.s. I have written a patch to jail.c which allows starting a jail
with symbolic names instead of IP-addr in dotted decimal notation. I
do keep /etc/hosts where symbolic names are being translated, so it's
rather comfortable to setup jails, and firewalls for them. Here it is:

18a19,25
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <netinet/in.h>
> #include <arpa/inet.h>
> #include <netdb.h>
> #include <unistd.h>
>
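Review bot: The added include list has no <string.h>, although the second hunk calls memcpy(); unless jail.c already includes it above line 18, add #include <string.h> here so memcpy() has a prototype.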
37,38c44,60
<       if (!i)
<               errx(1, "Couldn't make sense of ip-number\n");
---
>       if (!i) {
>               /* check if it is resolveable */
>               struct hostent *hp;
>               hp = gethostbyname(argv[3]);
>               if (!hp) {
>                       errx(1, "Couldn't make sense of the jail
address\n");
>               }
>               else {
>                       char **p = hp->h_addr_list;
>                       if (p[1]) {
>                               errx(1, "Jail should have only one
ip-address
> associated with\n");
>                       }
>                       else {
>                               memcpy(&in.s_addr, p[0], sizeof(in.s_addr));
>                       }
>               }
>       }
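Review bot: The memcpy() into in.s_addr copies the resolver result without checking that it is an IPv4 address of the expected size; test hp->h_addrtype == AF_INET and hp->h_length == sizeof(in.s_addr) before the copy and call errx() otherwise. The errx() strings end in "\n" (as the replaced one did), but errx() appends a newline itself, so drop it. Because the jail's address now depends on what gethostbyname(argv[3]) returns at start-up, print the resolved address so the operator can compare it with the firewall rules written for that jail.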


--
 Igor                            mailto:poige@morning.ru



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
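
Igor's idea above, a script that refreshes changed files while keeping the modes already set in the jail, as an added example (not code from the thread). The function name update_jail_files and both directory arguments are assumptions; it expects the jail to be stopped, as Henk says.

```shell
#!/bin/sh
# update_jail_files NEW JAIL   (hypothetical helper, added example)
#   NEW  = freshly built tree, JAIL = root of the stopped jail.
# Prints one line per file it touched or refused to touch.
# File names containing newlines are not supported.
update_jail_files() {
    new=$1
    jail=$2
    # Only regular files from the fresh tree are considered.
    (cd "$new" && find . -type f) | while IFS= read -r rel; do
        src=$new/$rel
        dst=$jail/$rel
        name=${rel#./}
        if [ -L "$dst" ]; then
            # A symlink left inside the jail may point at a host file;
            # never write through it from outside the jail.
            # (Only the final path component is checked here.)
            echo "skipped $name"
        elif [ ! -e "$dst" ]; then
            # File is new in this release: take the mode from the fresh tree.
            mkdir -p "$(dirname "$dst")" && cp -p "$src" "$dst" &&
                echo "added $name"
        elif [ -f "$dst" ] && ! cmp -s "$src" "$dst"; then
            # Content differs: overwrite in place so the existing inode,
            # and with it the admin's mode and owner, is kept.
            cat "$src" > "$dst" && echo "updated $name"
        fi
    done
}
```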

