[Semibug] Jails designed to be non-upgradable?

Mike Wayne semibug15 at post.wayne47.com
Thu May 16 15:14:37 EDT 2019

Having run into a number of issues with jails, I posted to the
FreeBSD forums to get some info on how to handle them. Apparently,
it is not possible to binary update a jail, and has not been
for quite a number of releases (freebsd-update simply fails).
Actually, it appears that freebsd-update is unreliable in ALL cases
and that binary updates of even a normal system are not complete.

As ezjail depends on freebsd-update, that would explain why it has
not been able to do binary updates for quite seom time either.

What astonished me was this comment:
   The consensus on the web is that FreeBSD jails are not upgradable
   (nor were they designed to be upgradable). So the solution is
   to throw away the old one and recreate a new one with a new

This is a horrifying thought as it means that deployed servers are
not going to get security upgrades. Plus, it now looks like that
attitude has leaked over to base systems.

Is this actually true? If so WHY?

I figured I'd ping people locally before raising this on the larger
mailing lists as, hopefully, it's a misconception on my part.

More information about the Semibug mailing list