[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: bind-chroot obsolete due to SElinux?

From: Jason Vas Dias <jvdias redhat com>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: bind-chroot obsolete due to SElinux?
Date: Sat, 4 Mar 2006 14:18:01 -0500

On Saturday 04 March 2006 14:14, Chris Tyler <chris tylers info> wrote:
>  
>  I noticed that the bind-chroot package is no longer installed by default
>  (FC5t3 & rawhide), even through it's still present. Should we consider
>  bind-chroot obsolete, since SElinux should be able to provide similar
>  protection (preventing named from touching files it should not, even if
>  compromised)?
>  
>  --
>  Chris Tyler
>  
Yes

There's no protection provided by bind-chroot that is not provided by running
named with SELinux in Enforcing mode.

Regards,
Jason Vas Dias,
BIND package maintainer

Follow-Ups:
- Re: bind-chroot obsolete due to SElinux?
  - From: Ivan Gyurdiev

References:
- bind-chroot obsolete due to SElinux?
  - From: Chris Tyler

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]