[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: End of bind-chroot-admin script

From: Adam Tkac <atkac redhat com>
To: Development discussions related to Fedora <fedora-devel-list redhat com>
Subject: Re: End of bind-chroot-admin script
Date: Mon, 10 Nov 2008 13:34:23 +0100

On Sat, Nov 08, 2008 at 02:36:38PM -0500, Colin Walters wrote:
> On Fri, Nov 7, 2008 at 6:52 PM, Paul Wouters <paul xelerance com> wrote:
> >
> > I'd rather see something replace it.
> 
> SELinux obsoletes this use of chroot for security.  Every daemon
> doesn't need to grow its own private copy of the OS infrastructure.
> 

Chroot is good and traditional method how restrict daemons. Many users
still use it and it is far more easy create chroot configuration than
create/maintain SELinux policy. I don't think SELinux obsoletes
chroot, both try restrict daemon privileges and both have + and -.

Adam

-- 
Adam Tkac, Red Hat, Inc.

Follow-Ups:
- Re: End of bind-chroot-admin script
  - From: Alan Cox

References:
- End of bind-chroot-admin script
  - From: Adam Tkac
- Re: End of bind-chroot-admin script
  - From: David Woodhouse
- Re: End of bind-chroot-admin script
  - From: Paul Wouters
- Re: End of bind-chroot-admin script
  - From: Colin Walters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]