# freebsd-update in a jail



## minimike (Jul 26, 2011)

Hi there

I've installed FreeBSD 9 CURRENT on my Server because it gives me a better support about my hardware. On Jails I want to run FreeBSD 8.2-RELEASE. It runs fine, but I've got only one problem with freebsd-update on my jails.


```
freebsd-one# freebsd-update -r 8.2-RELEASE upgrade
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching public key from update4.FreeBSD.org... failed.
Fetching public key from update5.FreeBSD.org... failed.
Fetching public key from update3.FreeBSD.org... failed.
Fetching public key from update2.FreeBSD.org... failed.
No mirrors remaining, giving up.
```

Is there a trick to upgrade my 8.2-RELEASE based Jails?

cheers
Darko


----------



## Columbo0815 (Jul 26, 2011)

Hi minimike,

Do you have an /etc/resolv.conf inside the jail? Why do you run *upgrade*? The jail is already 8.2-RELEASE, isn't it? What about *freebsd-update -r 8.2-RELEASE fetch install*?


----------



## Columbo0815 (Jul 26, 2011)

Sorry! Do NOT run *fetch install*. Inside the Jail install does not work. You have to start *freebsd-update -r 82.-RELEASE fetch* and then chroot on the host: *chroot /foo/bar/jail* followed by *freebsd-update install* -> exit.


----------



## Arni (Jan 6, 2012)

Hi! An identical problem.


```
uname -v FreeBSD 8.2-RELEASE #0: Mon Feb 21 11:00:36 MSK 2011 [email]root@free.ds[/email]:/usr/obj/usr/src/sys/ISPSERVER 
/usr/local/etc/rc.d/proftpd stop 
proftpd -n -d 9 
xxx.x.xx.xx ::ffff:92.112.33.46[::ffff:92.112.33.46] - ROOT PRIVS at auth.c:1356 
xxx.x.xx.xx ::ffff:92.112.33.46[::ffff:92.112.33.46] - error: FreeBSD with vulnerable chroot (FreeBSD-SA-11 :07.chroot) 
xxx.x.xx.xx ::ffff:92.112.33.46[::ffff:92.112.33.46] - RELINQUISH PRIVS at auth.c:1358 
xxx.x.xx.xx ::ffff:92.112.33.46[::ffff:92.112.33.46] - chroot to '/home/alexa-cms/data' failed for user 'al exa-cms': Operation not permitted xxx.x.xx.xx
```


----------



## fbsd1 (Jan 8, 2012)

freebsd-update only works on the host. I suggest you use the sysutil/qjail port to create and manage your jails. It has an update option to copy the host's running system files to the single basejail which is shared between all your jails. Very simple to use and has super documentation in the qjail man pages.


----------



## vand777 (Jan 8, 2012)

freebsd-update should never be used in jails. If you have set up jails as described in Handbook, then on the same page there is the section describing how to update jails.

If you have used sysutils/ezjail (my favorite), then:

```
ezjail-admin update -i
mergemaster -U -D /usr/jails/your_jail (and choose to delete temporary device.hints when asked.)
```

Documentation on ezjail.


----------



## hainan (Jan 8, 2012)

Use sysutils/qjail. It's easy to use. 

For details;

qjail manual


----------



## Nukama (Jan 8, 2012)

sysutils/ezjail introduces an option (in *bold*) relying on freebsd-update() in current 3.2.`# [man]ezjail-admin[/man] update [-s sourcetree | sourceosversion] [-p] -b | -i | -P | -[b]u[/b] | -[b]U[/b]`


----------



## fbsd1 (Jan 9, 2012)

The ezjail option relying on freebsd-update does not work, it's a documented bug that has been waiting for two years to be fixed. The fix is that option has to be removed because freebsd-update is not jail-aware and just updates the host system. ezjail is outdated and has been replaced by qjail. All ezjail users should make the move to qjail.


----------



## Sylgeist (Jan 9, 2012)

I keep seeing mention of qjail in forum posts, but I never see any actual info about the port. I have no particular attachment to ezjail, but I'm not going to change all my servers to something else without good reason. Is there any comparison page out there or has anyone done a side-by-side of jail management apps? If there is a better tool out there I'd love to use it!


----------



## fbsd1 (Jan 10, 2012)

In this thread people have posted links to ezjail and qjail manpage. It donâ€™t take a rocket scientist to see from just reading their manpages that qjail has progressed way beyond the functions provided by ezjail. Just give qjail a try and you will never look back at ezjail again. You will be happy you did.


----------



## vand777 (Jan 10, 2012)

fbsd1 said:
			
		

> It donâ€™t take a rocket scientist to see from just reading their manpages that qjail has progressed way beyond the functions provided by ezjail.


True. I'll use qjail on new servers. Will keep ezjail on old servers for time being. Just do not want to change something which works fine at the moment.


----------



## gkontos (Jan 10, 2012)

fbsd1 said:
			
		

> In this thread people have posted links to ezjail and qjail manpage. It donâ€™t take a rocket scientist to see from just reading their manpages that qjail has progressed way beyond the functions provided by ezjail. Just give qjail a try and you will never look back at ezjail again. You will be happy you did.



How about ZFS support?


----------



## DutchDaemon (Jan 11, 2012)

@fbsd1, maybe it would be a good thing to actually tell people that you are the qjail port maintainer, and therefore not _entirely_ neutral on the subject. It's getting a bit evangelical at times. Maybe add it to your signature.


----------

