Install Now
jk_update - a utility to update and cleanup a jail according to changes on the real system
Contents
Copyright
Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Olivier Sessink
Copying and distribution of this file, with or without modification, are permitted in any medium without
royalty provided the copyright notice and this notice are preserved.
JAILKIT 07-02-2010 jk_update(8)
Description
jk_update will compare the files in a jail with the corresponding files on the real system. If the
corresponding file on the real system is newer, and the file on the real system is different, the file
from the real system will be copied to the jail including any required libraries just like jk_cp would
do. Files that do not exist on the real system will be deleted in the jail.
jk_update works well to pass security updates on the real system to a jail. jk_update does not work well
with larger upgrades on the real system. In that case files are often replaced by other files in which
case jk_update will delete the old file but not copy the new file.
Avoidunwantedupdatesorcleanups
To avoid unwanted updates, or to avoid files being deleted, files or directories can be skipped by
jk_update, either by specifying them on the commandline or by specifying them in the configfile.
Directoriestoincludeintheupdate
By default jk_update will scan /usr, /bin, /opt, and /lib for updates. If one or more arguments is passed
as directories to update, these default directories are not scanned, unless they are part of the
arguments. The default directories can also be set in the config file.
jk_update-j<jail> will scan <jail>/usr, <jail>/bin, <jail>/opt, and <jail>/lib, while jk_update-j<jail>/bin will only scan <jail>/binExample
An example configfile could look like this:
[/home/testchroot]
skips = /usr/bin/myscript
hardlinks = 1
directories = /usr, /bin, /lib
[/home/otherjail]
skips = /usr/share/firefox, /usr/bin/firefox, /usr/lib/firefox
where the options have the following meaning:
skips
the files and directories to skip
hardlinks
a boolean whether to use hardlinks (1) or copy the files (0)
directories
specifies the directories to include in the update.
Name
jk_update - a utility to update and cleanup a jail according to changes on the real system
Options
-v--verbose
Will give verbose output
-h--help
The help screen
-c<sectioninconfigfile>--configsection=<sectioninconfigfile>
The jail to update
-j<jail>--jail=<jail>
The jail to update
-d--dry-run
Do a "dry run". Show what will be done but don't do anything.
-k--hardlink
Try to create hardlinks instead of copying the files when updating
-s<filetoskip>--skip<filetoskip>
Do not update this file. The argument can either be the path in the jail or the path on the real
system. In order to skip multiple files, use this option multiple times.
See Also
jailkit(8)jk_check(8)jk_chrootlaunch(8)jk_chrootsh(8)jk_cp(8)jk_init(8)jk_jailuser(8)jk_list(8)jk_lsh(8)jk_procmailwrapper(8)jk_socketd(8)jk_uchroot(8)chroot(2)
Synopsis
jk_update-j<jail>jk_update-c<sectionofconfigfile>jk_update-v-d-k-j<jail>-s<filetoskip><dirtoscanforupdates>jk_update--verbose--dry-run--hardlink--jail=<jail>--skip=<filetoskip><dirtoscanforupdates>
Warning
If you have changed files in the jail, it is recommended to do a "dry run" first and see what jk_update
will do. jk_update does now know if a file is manually changed or not. If a file in the jail is older and
different from the file on the real system it is updated. If a file in the jail does not have an
equivalent on the real system it is deleted. Use the skip option to exclude any files that you changed or
added manually.
PNG Icons
