[CDBUG-talk] DISABLE_VULNERABILITIES=yes
freebsd at fongaboo.com
Sat Jan 16 11:27:33 EST 2016
Yeah, I think my question is as much about jails as it is about ports. Half
my problem is just that vulnerabilities are still being detected when
trying to build a port within the jail, after I had updated ports on the
host.
From https://www.freebsd.org/doc/handbook/jails-ezjail.html:
> 14.6.4.2. Updating Ports
>
> The ports tree in the basejail is shared by the other jails. Updating
> that copy of the ports tree gives the other jails the updated version
> also.
>
> The basejail ports tree is updated with portsnap(8):
>
> # ezjail-admin update -P
I haven't tried this quite yet, but am I gathering that this command is my
solution? Updating the host's ports isn't enough?
On Wed, 13 Jan 2016, Patrick Muldoon wrote:
>> On Jan 13, 2016, at 6:49 AM, Jaime <jaime at snowmoon.com> wrote:
>>
>> Patrick, I get daily emails about the security status of installed ports without those from jobs you mentioned. I think that it is built into the daily and weekly cronjobs. Or maybe I configured it with periodic.conf.
>>
>
> Yeah, forgot that vulnerabilities are listed in the security email, but by default it doesn't show packages that are updated, so the portsnap fetch / pkg dance will email you daily which of your ports are out of date ...
>
>
>> I agree with your assessment, though. It is probably a port dependency.
>>
>> I also agree with the idea of putting freebsd-update into cron. Between that step and VM snapshots, I've found FreeBSD to be a dream come true (again) for OS updates. What I used to do once every 6-18 months out of fear of breaking a critical system has become a monthly task that takes a few minutes to complete. It's great!
>>
> Yeah it is pretty awesome :)
>
>
>
> --
> Patrick Muldoon
> Network/Software Engineer
> INOC (http://www.inoc.net)
>
> Hardware: The parts of a computer system that can be kicked.
>
>