[Semibug] Jails designed to be non-upgradable?

Michael W. Lucas mwlucas at michaelwlucas.com
Thu May 16 15:46:12 EDT 2019

<eyeroll> It is absolutely possible to upgrade jails. There's
instructions in the jails book.

You have to do it correctly, and most forum users won't bother.

On Thu, May 16, 2019 at 03:14:37PM -0400, Mike Wayne wrote:
> Having run into a number of issues with jails, I posted to the
> FreeBSD forums to get some info on how to handle them. Apparently,
> it is not possible to binary update a jail, and has not been
> for quite a number of releases (freebsd-update simply fails).
> Actually, it appears that freebsd-update is unreliable in ALL cases
> and that binary updates of even a normal system are not complete.
> As ezjail depends on freebsd-update, that would explain why it has
> not been able to do binary updates for quite seom time either.
> What astonished me was this comment:
>    The consensus on the web is that FreeBSD jails are not upgradable
>    (nor were they designed to be upgradable). So the solution is
>    to throw away the old one and recreate a new one with a new
>    version
> This is a horrifying thought as it means that deployed servers are
> not going to get security upgrades. Plus, it now looks like that
> attitude has leaked over to base systems.
> Is this actually true? If so WHY?
> I figured I'd ping people locally before raising this on the larger
> mailing lists as, hopefully, it's a misconception on my part.
> _______________________________________________
> Semibug mailing list
> Semibug at lists.nycbug.org
> http://lists.nycbug.org:8080/mailman/listinfo/semibug

Michael W. Lucas 	https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...

More information about the Semibug mailing list