BIND less restrictive modes and policy
Simo Sorce
ssorce at redhat.com
Tue Jan 22 13:32:25 UTC 2008
On Tue, 2008-01-22 at 01:18 +0100, Enrico Scholz wrote:
> Adam Tkac <atkac at redhat.com> writes:
>
> > Also complete /var/named/* subtree will be writable by named
>
> This is bad. Only the slaves/ and data/ (for DDNS) dirs must be writable.
> pz/ and the other parts of the chroot filesystem must be read-only for
> named.
Enrico can you explain what would that prevent/change ?
Simo.
--
| Simo S Sorce |
| Sr.Soft.Eng. |
| Red Hat, Inc |
| New York, NY |
More information about the fedora-devel-list
mailing list