[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] Bind Patch -- Update Jail

issn't bind in /usr/sbin/named?

isn't that a shared folder? (mounted read only using nullfs?)

just update it in main host, and do a jexec {jid} /etc/rc.d/named restart for each jid.

Andrew Klettke wrote:
Hello all,

I've patched BIND for the new vulnerability on a system that hosts a couple of production jails, and would like the update to be applied to the jails as well.

I've read from a few places that this can be done by stopping the jails, and then doing an ezjail-admin update in order to rebuild the jail's world. This sounds like it'd cause a fair bit of down time, which is highly undesirable.

Is there an easier way to patch BIND on our ezjail jails that wouldn't require stopping the jails for an extended period of time?

Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> | SECNAP Network Security Corporation
  • Certified SNORT Integrator
  • 2008-9 Hot Company Award Winner, World Executive Alliance
  • Five-Star Partner Program 2009, VARBusiness
  • Best Anti-Spam Product 2008, Network Products Guide
  • King of Spam Filters, SC Magazine 2008

This email has been scanned and certified safe by SpammerTrap®.
For Information please see http://www.secnap.com/products/spammertrap/