[CDBUG-talk] DISABLE_VULNERABILITIES=yes

freebsd at fongaboo.com freebsd at fongaboo.com
Sat Jan 16 11:27:33 EST 2016


Yeah I think my question is as much about jails as it is about ports. Half 
my problem is just that vulnerabilities are still being detected when 
trying to build a port within the jail, after I had updated ports on the 
host.

From https://www.freebsd.org/doc/handbook/jails-ezjail.html:

> 14.6.4.2. Updating Ports
> 
> The ports tree in the basejail is shared by the other jails. Updating 
> that copy of the ports tree gives the other jails the updated version 
> also.
> 
> The basejail ports tree is updated with portsnap(8):
> 
> # ezjail-admin update -P


I haven't tried this quite yet, but am I gathering that this command is my 
solution? Updating the host's ports isn't enough?


On Wed, 13 Jan 2016, Patrick Muldoon wrote:

>> On Jan 13, 2016, at 6:49 AM, Jaime <jaime at snowmoon.com> wrote:
>>
>> Patrick, I get daily emails about the security status of installed ports without those from jobs you mentioned.  I think that it is built into the daily and weekly cronjobs.  Or maybe I configured it with periodic.conf.
>>
>
> Yeah, forgot that vulnerabilities are listed in the security email, but by default it doesn't show packages that are updated, so the portsnap fetch / pkg dance will email you daily which of your ports are out of date ...
>
>
>> I agree with your assessment, though.  It is probably a port dependency.
>>
>> I also agree with the idea of putting freebsd-update into cron.  Between that step and VM snapshots, I've found FreeBSD to be a dream come true (again) for OS updates.  What I used to do once every 6-18 months out of fear of breaking a critical system has become a monthly task that takes a few minutes to complete. It's great!
>>
> Yeah it is pretty awesome :)
>
>
>
> --
> Patrick Muldoon
> Network/Software Engineer
> INOC (http://www.inoc.net)
>
> Hardware: The parts of a computer system that can be kicked.
>
>


