Re: F11 bind-chroot - a question?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Tom Horsley wrote:
> Why not just *always* run bind chroot?

I'm guessing it's because, in general, Fedora is moving away from
chroot and toward SELinux to provide extra security for these sorts of
services?

> Have the files live in /var/named, then updates just update the one
> and only copy in /var/named? If someone somewhere really and truly
> doesn't want to run chroot, provide a --prefix option in named so he
> can tell it the config files are relative to /var/named instead of
> relative to /, but in any case the config files always live in one
> and only one place.

That sounds like it would entail a similar amount of extra work and
chances for introducing bugs that the bind-chroot-admin script had.
If the bind daemon really is only trusted by admins when it is in a
chroot, it might be a good reason to look at alternative DNS server
software. :)

I don't personally have much interest in this, but if other folks do,
I'm sure suggestions in patch form would be taken more seriously by
the bind maintainers (preferably upstream).

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I expected times like this -- but never thought they'd be so bad, so
long, and so frequent.
    -- Demotivators (www.despair.com)

Attachment: pgpNgD47o37U1.pgp
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux