oracular (8) jk_update.8.gz

Provided by: jailkit_2.23-2_amd64 bug

NAME

       jk_update - a utility to update and cleanup a jail according to changes on the real system

SYNOPSIS

       jk_update -j <jail>

       jk_update -c <section of configfile>

       jk_update -v -d -k -j <jail> -s <file to skip> <dir to scan for updates>

       jk_update  --verbose --dry-run --hardlink --jail=<jail> --skip=<file to skip> <dir to scan
       for updates>

DESCRIPTION

       jk_update will compare the files in a jail  with  the  corresponding  files  on  the  real
       system.  If  the  corresponding file on the real system is newer, and the file on the real
       system is different, the file from the real system will be copied to  the  jail  including
       any  required  libraries  just  like  jk_cp  would do. Files that do not exist on the real
       system will be deleted in the jail.

       jk_update works well to pass security updates on the real system to a jail. jk_update does
       not  work  well  with  larger  upgrades  on  the real system. In that case files are often
       replaced by other files in which case jk_update will delete the old file but not copy  the
       new file.

   Avoid unwanted updates or cleanups
       To  avoid  unwanted  updates, or to avoid files being deleted, files or directories can be
       skipped by jk_update, either by specifying them on the commandline or by  specifying  them
       in the configfile.

   Directories to include in the update
       By  default  jk_update  will  scan  /usr, /bin, /opt, and /lib for updates. If one or more
       arguments is passed as directories to update, these default directories are  not  scanned,
       unless  they  are  part  of  the arguments. The default directories can also be set in the
       config file.

       jk_update -j <jail> will scan <jail>/usr, <jail>/bin, <jail>/opt,  and  <jail>/lib,  while
       jk_update -j <jail> /bin will only scan <jail>/bin

EXAMPLE

       An example configfile could look like this:

       [/home/testchroot]
       skips = /usr/bin/myscript
       hardlinks = 1
       directories = /usr, /bin, /lib

       [/home/otherjail]
       skips = /usr/share/firefox, /usr/bin/firefox, /usr/lib/firefox

       where the options have the following meaning:

       skips
              the files and directories to skip
       hardlinks
              a boolean whether to use hardlinks (1) or copy the files (0)
       directories
              specifies the directories to include in the update.

WARNING

       If  you  have changed files in the jail, it is recommended to do a "dry run" first and see
       what jk_update will do. jk_update does now know if a file is manually changed or not. If a
       file in the jail is older and different from the file on the real system it is updated. If
       a file in the jail does not have an equivalent on the real system it is deleted.  Use  the
       skip option to exclude any files that you changed or added manually.

OPTIONS

       -v --verbose
              Will give verbose output

       -h --help
              The help screen

       -c <section in configfile> --configsection=<section in configfile>
              The jail to update

       -j <jail> --jail=<jail>
              The jail to update

       -d --dry-run
              Do a "dry run". Show what will be done but don't do anything.

       -k --hardlink
              Try to create hardlinks instead of copying the files when updating

       -s <file to skip> --skip <file to skip>
              Do  not  update  this  file. The argument can either be the path in the jail or the
              path on the real system. In order to skip multiple files, use this option  multiple
              times.

SEE ALSO

       jailkit(8)    jk_check(8)    jk_chrootlaunch(8)    jk_chrootsh(8)    jk_cp(8)   jk_init(8)
       jk_jailuser(8)  jk_list(8)  jk_lsh(8)  jk_procmailwrapper(8)  jk_socketd(8)  jk_uchroot(8)
       chroot(2)

       Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Olivier Sessink

       Copying  and distribution of this file, with or without modification, are permitted in any
       medium without royalty provided the copyright notice and this notice are preserved.