[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] Bind Patch -- Update Jail

Thank you Michael, for the quick reply.

Good idea, but the jails' /usr/sbin is a symlink to /usr/jails/basejail/usr/sbin, which brings us back to the original question. Thanks, though.


Thank you, this sounds like a good solution, but unfortunately freebsd-update isn't even an option on our host system, as we're running the Sparc64 flavor of the distro, which is lacking in binary updates.


Andrew Klettke
Optic Fusion NOC

Subscribe to Optic Fusion's Twitter service for up to the minute network issues and maintenance notifications. http://www.twitter.com/opticfusion

Michael Scheidell wrote:
issn't bind in /usr/sbin/named?

isn't that a shared folder? (mounted read only using nullfs?)

just update it in main host, and do a jexec {jid} /etc/rc.d/named restart for each jid.

Andrew Klettke wrote:
Hello all,

I've patched BIND for the new vulnerability on a system that hosts a couple of production jails, and would like the update to be applied to the jails as well.

I've read from a few places that this can be done by stopping the jails, and then doing an ezjail-admin update in order to rebuild the jail's world. This sounds like it'd cause a fair bit of down time, which is highly undesirable.

Is there an easier way to patch BIND on our ezjail jails that wouldn't require stopping the jails for an extended period of time?

Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
> *| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best Anti-Spam Product 2008, Network Products Guide
    * King of Spam Filters, SC Magazine 2008


This email has been scanned and certified safe by SpammerTrap®.
For Information please see http://www.secnap.com/products/spammertrap/