Date: Thu, 20 Dec 2007 16:46:56 +0100
From: Alexander Leidinger
To: freebsd-jail@freebsd.org, "Andrew Hotlab"
Message-ID: <20071220164656.1acd2b45@deskjail>
Subject: Re: How to better update a jail host system
List-Id: "Discussion about FreeBSD jail(8)"

Quoting "Andrew Hotlab" (Thu, 20 Dec 2007 14:34:35 +0100):

> > > All that is working fine now, but I wonder if I could speed up the
> > > whole process, by switching to the binary update method. By using
> > > the freebsd-update(8) utility on the host I think to maintain the
> > > system cleaner (this utility only updates the installed
> > > distributions) and to reduce the administrative effort (no
> > > mergemaster(8) required, am I right?).
> >
> > I don't know how freebsd-update handles the changes in /etc, but it
> > can not do magic (for the update you have to update the basejail, and
> > as such freebsd-update doesn't know about the etc directory of each
> > jail), so something like mergemaster has to be done. I also don't know
> > how it handles old (removed) files, maybe it doesn't touch them, to be
> > on the safe side.
>
> That's another aspect I wasn't thinking of. How important might it be to
> update files in the /etc directory in the jails, when tracking the
> security branch?

There may be no change in /etc, except when there's a security patch
needed there, and then you most likely want this change.

> > Regarding the distributions which you haven't installed: you can
> > exclude parts from building/installation. If you have a 7.x system,
> > you can do "man src.conf" for all the options
> > (http://www.freebsd.org/cgi/man.cgi?query=src.conf&apropos=0&sektion=0&manpath=FreeBSD+7.0-RELEASE&format=html).
> > 6.x has similar options, but IIRC you have to specify them in
> > make.conf.
>
> I definitely think I'll do that from now on, and I'll likely continue
> upgrading the host by building it from sources: I'll have to maintain
> the sources anyway, because of the ezjail update procedure, and there
> will be some kernel modifications that I'll need in the future to
> improve performance on the host system (for example, do you think it
> would be a nice idea to build nullfs support into the kernel?).

It doesn't matter if nullfs is loaded as a module or if it is compiled
into the kernel. On my systems I use a small kernel (everything which
can not be loaded as a module and doesn't change the behavior depending
on kernel options) and load what I need as a module.

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137