From owner-freebsd-security Fri Apr 20 9:57:25 2001 Delivered-To: freebsd-security@freebsd.org Received: from home.cg.nu (home.cg.nu [213.196.2.115]) by hub.freebsd.org (Postfix) with ESMTP id 366F437B440 for ; Fri, 20 Apr 2001 09:57:19 -0700 (PDT) (envelope-from henk@home.cg.nu) Received: from kpnlep (cg.nu [62.163.140.117]) by home.cg.nu (Postfix) with SMTP id 88B6F15918E for ; Fri, 20 Apr 2001 18:57:16 +0200 (CEST) Reply-To: From: "Henk Wevers" Cc: Subject: RE: jail upgrade Date: Fri, 20 Apr 2001 18:57:16 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <827788228.20010420230434@morning.ru> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I update a jail like this make a new jail lets call it JAIL. cd JAIL rm -rf etc/ var/run var/log var/db/locate.database var/db/mouttab #leave port.mkversion alone! rm -rf root/ usr/share/ kill the jail you want to update, the jail should not be active while updating!! cp -Rp JAIL/* /where/your/jail/is/* Restart the jail again. If you are upgrading from FreeBSD 4.1x early and FreeBSD 4.2-? also update the /etc/pam.conf. Henk Wevers Working on http://jailnotes.cg.nu (please give comments) -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Igor Podlesny Sent: vrijdag 20 april 2001 18:05 To: kj Cc: freebsd-security@FreeBSD.ORG Subject: Re: jail upgrade k> Hey, all. k> I have two jails on my server. k> When I do a make world on the actual OS, does it matter if I upgrade the k> jails as well? I don't think so... imho, jails run application software basically -- so, it's okay... nevertheless, nothing could really prevent you from creating some script upgrading executables with keeping their jail's original modes, I deem. (Just seeking through specified dirs and comparing EXEs or just theirs sizes/mtimes) k> I have changed a lot of file/dir permissions and so on, and k> would rather just leave the jail file systems alone. I am just wondering k> if I don't upgrade the jails, would things start to break? k> Thanks, k> K.J. p.s. I have written a patch to jail.c which allows starting a jail with symbolic names instead of IP-addr in decimal dotten notation. I do keep /etc/hosts where symbolic names are being translated, so it's rather comfortable to setup jails, and firewalls for them. Here it is: 18a19,25 > #include > #include > #include > #include > #include > #include > 37,38c44,60 < if (!i) < errx(1, "Couldn't make sense of ip-number\n"); --- > if (!i) { > /* check if it is resolveable */ > struct hostent *hp; > hp = gethostbyname(argv[3]); > if (!hp) { > errx(1, "Couldn't make sense of the jail address\n"); > } > else { > char **p = hp->h_addr_list; > if (p[1]) { > errx(1, "Jail should have only one ip-address > associated with\n"); > } > else { > memcpy(&in.s_addr, p[0], sizeof(in.s_addr)); > } > } > } -- Igor mailto:poige@morning.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message