Patching jails
John Kozubik
john at kozubik.com
Thu Sep 18 12:51:32 PDT 2003
Hello,
On Thu, 18 Sep 2003, V. Jones wrote:
> I'm going to apply the ssh patch. Applying it to the "real" server
> seems straightforward enough, but I'm wondering what the right procedure
> is to apply this patch to my jailed servers.
No special procedure is necessary. Log into the jail, su to root, and
follow the instructions in the SA - they will work just fine.
You may or may not have a populated /usr/src/secure though - you can get
it with cvsup, however it is faster and easier to simply tar up the
/usr/src/secure on the base system and untar it in the jail. I presume
this to be safe, as there should never be a version mismatch between the
base system and the jails running on it.
The procedure in the sendmail SA that was released yesterday will also
work fine inside of a jail. Again, make sure you have /usr/src/usr.sbin
and /usr/src/lib, and so on in the jail.
-----
John Kozubik - john at kozubik.com - http://www.kozubik.com
More information about the freebsd-security
mailing list