From: Michel
To: freebsd-jail@freebsd.org
Date: Sun, 16 Dec 2007 12:01:20 +0100
Subject: Updating the kernel

Hello,

I have a box running a 6.2-RELEASE with 3 jails and 6.3 is coming soon. So can I update my kernel (and how) without any trouble for the users in the jails ?

I know that there is a binary compatibility between 6.2 and 6.3 but can I do a source update, make world, make kernel, install kernel, install world, mergemaster and leave the jails unchanged ?

Regards

From: Miroslav Lachman
To: Michel
Cc: freebsd-jail@freebsd.org
Date: Sun, 16 Dec 2007 14:12:05 +0100
Subject: Re: Updating the kernel

Michel wrote:
> Hello,
>
> I have a box running a 6.2-RELEASE with 3 jails and 6.3 is coming soon. So can
> I update my kernel (and how) without any trouble for the users in the jails ?
>
> I know that there is a binary compatibility between 6.2 and 6.3 but can I do a
> source update, make world, make kernel, install kernel, install world,
> mergemaster and leave the jails unchanged ?

You can use source upgrade, or "brand new" binary upgrade
http://www.daemonology.net/blog/2007-11-10-freebsd-minor-version-upgrade.html
http://www.daemonology.net/blog/2007-11-11-freebsd-major-version-upgrade.html

I have a test machine, where I upgraded host system from 6.2 to 7.0-BETA4 and Jails are still 6.2. Everything works without any problem. (but this machine is not heavily loaded)

Or if you want, you can upgrade host kernel and world and then jails world.

Miroslav Lachman

From: Andrew Hotlab
To: FreeBSD-Jail
Date: Wed, 19 Dec 2007 14:42:31 +0000
Subject: How to better update a jail host system

Hi to all.

That's my first post to this list, and I want to thank all the guys who spend their time helping the FreeBSD Community to obtain the most from this wonderful OS, and I'll be glad to grow my experience as fast as possible to be able to donate my modest contribution too.

Coming from a MSFT professional experience, I've been particularly impressed by the FreeBSD jail system, and I'm using the ezjail framework to manage some jails on a FreeBSD 6.2-RELEASE host in a pre-production environment.
To track the security branch both on the host and the jails I'm using the "update from source" method: I synchronize the source tree with csup(1), build and install the kernel, build and install the userland for the host first and then for the jails (using the ezjail-admin(1) "update -i" switch).

All that is working fine now, but I wonder if I could speed up the whole process, by switching to the binary update method. By using the freebsd-update(8) utility on the host I think to maintain the system cleaner (this utility only updates the installed distributions) and to reduce the administrative effort (no mergemaster(8) required, I'm right?).

Do you think my thinking is right, or there are some aspects I'm missing? (As I said, I'm not a very experienced FreeBSD sysadmin) :)

TIA

Andrew

From: Alexander Leidinger
To: Andrew Hotlab
Cc: FreeBSD-Jail
Date: Thu, 20 Dec 2007 08:34:41 +0100
Subject: Re: How to better update a jail host system

Quoting Andrew Hotlab (from Wed, 19 Dec 2007 14:42:31 +0000):

> Coming from a MSFT professional experience, I've been particularly
> impressed by the FreeBSD jail system, and I'm using the ezjail
> framework to manage some jails on a FreeBSD 6.2-RELEASE host in a
> pre-production environment.
> To track the security branch both on the host and the jails I'm
> using the "update from source" method: I synchronize the source tree
> with csup(1), build and install the kernel, build and install the
> userland for the host first and then for the jails (using the
> ezjail-admin(1) "update -i" switch).

You should maybe use "make delete-old DESTDIR=/path/to/basejail" (and delete-old-libs after making sure all ports which depend upon the old files (check-old-files lists the old files) are rebuilt with the new ones) in the src directory. On a -stable branch there should be not much removed, but if you keep the system over several releases, it's handy.

> All that is working fine now, but I wonder if I could speed up the
> whole process, by switching to the binary update method. By using
> the freebsd-update(8) utility on the host I think to maintain the
> system cleaner (this utility only updates the installed
> distributions) and to reduce the administrative effort (no
> mergemaster(8) required, I'm right?).

I don't know how freebsd-update handles the changes in /etc, but it can not do magic (for the update you have to update the basejail, and as such freebsd-update doesn't know about the etc directory of each jail), so something like mergemaster has to be done. I also don't know how it handles old (removed) files, maybe it doesn't touch them, to be on the safe side.

Regarding the distributions which you haven't installed: you can exclude parts from building/installation. If you have a 7.x system, you can do "man src.conf" for all the options (http://www.freebsd.org/cgi/man.cgi?query=src.conf&apropos=0&sektion=0&manpath=FreeBSD+7.0-RELEASE&format=html). 6.x has similar options, but IIRC you have to specify them in make.conf.

Bye,
Alexander.

-- 
The egg cream is psychologically the opposite of circumcision -- it
*pleasurably* reaffirms your Jewishness.
		-- Mel Brooks

http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137

From: "Andrew Hotlab"
To: "freebsd-jail"
Date: Thu, 20 Dec 2007 14:34:35 +0100
Subject: RE: How to better update a jail host system

> -----Original Message-----
> From: Alexander Leidinger [mailto:Alexander@Leidinger.net]
> Sent: Thursday, December 20, 2007 8:35 AM
> To: Andrew Hotlab
> Cc: FreeBSD-Jail
> Subject: Re: How to better update
> a jail host system
>
> > To track the security branch both on the host and the jails I'm
> > using the "update from source" method: I synchronize the source tree
> > with csup(1), build and install the kernel, build and install the
> > userland for the host first and then for the jails (using the
> > ezjail-admin(1) "update -i" switch).
>
> You should maybe use "make delete-old DESTDIR=/path/to/basejail" (and
> delete-old-libs after making sure all ports which depend upon the old
> files (check-old-files lists the old files) are rebuilt with the new
> ones) in the src directory. On a -stable branch there should be not
> much removed, but if you keep the system over several releases, it's
> handy.

That's a good point: I was missing it... I thought that all that would be done by "ezjail-admin upgrade" :)

> > All that is working fine now, but I wonder if I could speed up the
> > whole process, by switching to the binary update method. By using
> > the freebsd-update(8) utility on the host I think to maintain the
> > system cleaner (this utility only updates the installed
> > distributions) and to reduce the administrative effort (no
> > mergemaster(8) required, I'm right?).
>
> I don't know how freebsd-update handles the changes in /etc, but it
> can not do magic (for the update you have to update the basejail, and
> as such freebsd-update doesn't know about the etc directory of each
> jail), so something like mergemaster has to be done. I also don't know
> how it handles old (removed) files, maybe it doesn't touch them, to be
> on the safe side.

That's another aspect I wasn't thinking of. How important might be to update files in the /etc directory in the jails, when tracking the security branch?

> Regarding the distributions which you haven't installed: you can
> exclude parts from building/installation.
> If you have a 7.x system,
> you can do "man src.conf" for all the options
> (http://www.freebsd.org/cgi/man.cgi?query=src.conf&apropos=0&sektion=0&manpath=FreeBSD+7.0-RELEASE&format=html).
> 6.x has similar options, but
> IIRC you have to specify them in
> make.conf.

I definitely think I'll do that from now on, and I'll likely continue upgrading the host by building it from sources: I'll have to maintain the sources anyway, because of the ezjail update procedure, and there will be some kernel modifications that I'll need in the future to improve performance on the host system (for example, do you think it would be a nice idea to build nullfs support into the kernel?).

Thanks for your suggestions.

Andrew

From: Alexander Leidinger
To: freebsd-jail@freebsd.org, "Andrew Hotlab"
Date: Thu, 20 Dec 2007 16:46:56 +0100
Subject: Re: How to better update a jail host system

Quoting "Andrew Hotlab" (Thu, 20 Dec 2007 14:34:35 +0100):

> > > All that is working fine now, but I wonder if I could speed up the
> > > whole process, by switching to the binary update method. By using
> > > the freebsd-update(8) utility on the host I think to maintain the
> > > system cleaner (this utility only updates the installed
> > > distributions) and to reduce the administrative effort (no
> > > mergemaster(8) required, I'm right?).
> >
> > I don't know how freebsd-update handles the changes in /etc, but it
> > can not do magic (for the update you have to update the basejail, and
> > as such freebsd-update doesn't know about the etc directory of each
> > jail), so something like mergemaster has to be done. I also don't know
> > how it handles old (removed) files, maybe it doesn't touch them, to be
> > on the safe side.
>
> That's another aspect I wasn't thinking of. How important might be to
> update files in the /etc directory in the jails, when tracking the
> security branch?

There may be no change in /etc, except when there's a security patch needed there, and then you most likely want this change.

> > Regarding the distributions which you haven't installed: you can
> > exclude parts from building/installation. If you have a 7.x system,
> > you can do "man src.conf" for all the options
> > (http://www.freebsd.org/cgi/man.cgi?query=src.conf&apropos=0&sektion=0&manpath=FreeBSD+7.0-RELEASE&format=html).
> > 6.x has similar options, but
> > IIRC you have to specify them in
> > make.conf.
>
> I definitely think I'll do that from now on, and I'll likely continue
> upgrading the host by building it from sources: I'll have to maintain
> the sources anyway, because of the ezjail update procedure, and there
> will be some kernel modifications that I'll need in the future to
> improve performance on the host system (for example, do you think it
> would be a nice idea to build nullfs support into the kernel?).

It doesn't matter if nullfs is loaded as a module or if it is compiled into the kernel. On my systems I use a small kernel (everything which can not be loaded as a module and doesn't change the behavior depending on kernel options) and load what I need as a module.

Bye,
Alexander.

-- 
http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137