How To Upgrade FreeBSD Jail ( OS Level Virtualization )

last updated in Categories , , , , ,

Q. I’ve FreeBSD jail configured as explained in man pages using make world options. Now I’ve upgrade my base FreeBSD 7.0 system to FreeBSD 7 patch level 4. How do I upgrade my Jail (FreeBSD VPS) so that everything get updated inside jail?

A. The FreeBSD jail mechanism is an implementation of operating system-level virtualization that allows administrators to partition a FreeBSD-based computer system into several independent mini-systems called jails. FreeBSD jails offer security, ease of delegation and os level virtualization. To upgrade your jail using make world use the following commands.

Step # 1: Build world

Follow this guide to upgrade your running system. Once done type the following command to build world for jail:

WARNING! There are various ways of creating and upgrading jails. This method uses make world upgrade method as original jail was created using make build itself.

# JAIL=/path/to/jail
# JAIL=/usr/home/jail/
# cd /usr/src
# make buildworld DESTDIR=$JAIL

Please note that If you have just done make buildworld previously you can do make installworld and save the time.

Step # 2: Stop jail service

Type the following command to stop all jails:
# /etc/rc.d/jail stop

Step # 3: Upgrade jail

Type the following command to stop all jails:
# cd /usr/src
# make installworld DESTDIR=$JAIL
# mergemaster -i -C -D $JAIL

If you have multiple jail repeat above steps. You can also try something as follows:
# JPATHS="/jail/path1 /jail/path2 /jail/path3"
# for j in $JPATHS; make installworld DESTDIR=$j; done

Step # 4: Start all jails

Type the following command:
# /etc/rc.d/jail start
Make sure everything is running:
# jls
Try to connect to jail called with 20 as jail id from host itself:
# jexec 20 sh
# hostname
# sockstat

Try to upgrade FreeBSD ports inside jail:
# portsnap fetch update
# portversion -l '<' # portupgrade -a

Exit from jail and go back to host:
# exit

Further readings

This entry is 5 of 6 in the FreeBSD Jail Operating System-level Virtualization Tutorial series. Keep reading the rest of the series:
  1. Setup FreeBSD Jail With ezjail
  2. FreeBSD Jail Allow Ping / tracerouter Commands
  3. FreeBSD Jail Add Multiple IPv4 / IPv6 Address
  4. FreeBSD Jail Access Private Network Via NAT and PF
  5. How To Upgrade FreeBSD Jail ( OS Level Virtualization )
  6. FreeBSD Jail Allow Sound And Flash Access


Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

11 comment

  1. You can optionally use ezjail – /usr/ports/sysutils/ezjail
    A *great* tool, you can automatically create new jail for seconds, there are ‘flavours’ that you can configure and have *almost anything* setuped in new jail upon creation.
    Also you can create jail in regular image file (which can be crypted!)… a lot of features and one of the best – upgrade in 3 steps:
    1. cvsup /usr/src dir.
    2. build/install world on base system.
    2. ezjail-admin update -i
    If the -i (install only) option is given, ezjail-admin update only per-
    formes a make installworld, otherwise make world is invoked.

  2. You missed a very important step- you must run mergemaster to update /etc in the new jail!

    after running make installworld DESTDIR=$JAIL you need to run mergemaster -i -C -D $JAIL

  3. thanks for this mini howto :)
    just a question… you say:
    make buildworld DESTDIR=$JAIL

    is really necessary setting DESTDIR variable while
    making buildworld?

    you also say:
    “Please note that If you have just done make buildworld previously you can do make installworld and save the time.”

    This makes me think… one buildworld… one or more installworld (with different DESTDIR for each jail)

    either DESTDIR in buildworld is useless or we have
    to make buildworld for each jail…

    Just to be sure,
    thank you very much indeed ;)

  4. is really necessary setting DESTDIR variable while making buildworld?
    No, you can actually run it as follows:
    make buildworld
    make installworld DESTDIR=/path/to/jail/1
    make installworld DESTDIR=/path/to/jail/2
    make installworld DESTDIR=/path/to/jail/N


  5. For “Step # 4: Start all jails”, you have:

    # /etc/init.d/jail start

    It should be:

    # /etc/rc.d/jail start

  6. Hi folks, I’m asking myself, whether it will be safe to do this upgrade from 6.3-RELEASE to 7.0-RELEASE.

    Anybody out there, how has done a major version upgrade with his base system and then with his jails?

    What will the jails do when hosted by a 7.0-RELEASE but themselves not upgraded yet?


  7. I haven’t done a major upgrade (6.3-to-7.0) of a jail host system jet, but I’ve successfully upgraded a production server from a minor release to another (RELENG_6_2 to RELENG_6_3), by using the method described by Valqk (ezjail-admin update + mergemaster), and all worked fine!

  8. Minor detail; in stead of
    portversion -l ‘<'
    I prefer
    portversion -L =
    as that would display more potential trouble -in case there is any-.

    Still, have a question? Get help on our forum!