bind-chroot obsolete due to SElinux?
Tomasz Kłoczko
kloczek at zie.pg.gda.pl
Mon Mar 6 22:28:18 UTC 2006
Dnia 06-03-2006, pon o godzinie 22:20 +0000, David Woodhouse napisał(a):
> On Sat, 2006-03-04 at 14:14 -0500, Chris Tyler wrote:
> > Should we consider bind-chroot obsolete, since SElinux should be able
> > to provide similar protection (preventing named from touching files it
> > should not, even if compromised)?
>
> Most definitely not. Chroot is simple and effective; I've still never
> been able to install and use SElinux without it breaking things.
>
BTW bind.
Anyone work on fix Fedora bind for make this package FHS compliant ?
Current base directory for bind files is /var/named and acording to FHS
specification it will be better use /var/lib/named.
kloczek
More information about the fedora-devel-list
mailing list