[Semibug] Jails designed to be non-upgradable?
Michael W. Lucas
mwlucas at michaelwlucas.com
Thu May 16 15:46:12 EDT 2019
<eyeroll> It is absolutely possible to upgrade jails. There's
instructions in the jails book.
You have to do it correctly, and most forum users won't bother.
On Thu, May 16, 2019 at 03:14:37PM -0400, Mike Wayne wrote:
> Having run into a number of issues with jails, I posted to the
> FreeBSD forums to get some info on how to handle them. Apparently,
> it is not possible to binary update a jail, and has not been
> for quite a number of releases (freebsd-update simply fails).
> Actually, it appears that freebsd-update is unreliable in ALL cases
> and that binary updates of even a normal system are not complete.
>
> As ezjail depends on freebsd-update, that would explain why it has
> not been able to do binary updates for quite seom time either.
>
> What astonished me was this comment:
> The consensus on the web is that FreeBSD jails are not upgradable
> (nor were they designed to be upgradable). So the solution is
> to throw away the old one and recreate a new one with a new
> version
>
> This is a horrifying thought as it means that deployed servers are
> not going to get security upgrades. Plus, it now looks like that
> attitude has leaked over to base systems.
>
> Is this actually true? If so WHY?
>
> I figured I'd ping people locally before raising this on the larger
> mailing lists as, hopefully, it's a misconception on my part.
>
> _______________________________________________
> Semibug mailing list
> Semibug at lists.nycbug.org
> http://lists.nycbug.org:8080/mailman/listinfo/semibug
--
Michael W. Lucas https://mwl.io/
author of: Absolute OpenBSD, SSH Mastery, git commit murder,
Immortal Clay, PGP & GPG, Absolute FreeBSD, etc, etc, etc...
More information about the Semibug
mailing list