Tom Horsley wrote: > Why not just *always* run bind chroot? I'm guessing it's because, in general, Fedora is moving away from chroot and toward SELinux to provide extra security for these sorts of services? > Have the files live in /var/named, then updates just update the one > and only copy in /var/named? If someone somewhere really and truly > doesn't want to run chroot, provide a --prefix option in named so he > can tell it the config files are relative to /var/named instead of > relative to /, but in any case the config files always live in one > and only one place. That sounds like it would entail a similar amount of extra work and chances for introducing bugs that the bind-chroot-admin script had. If the bind daemon really is only trusted by admins when it is in a chroot, it might be a good reason to look at alternative DNS server software. :) I don't personally have much interest in this, but if other folks do, I'm sure suggestions in patch form would be taken more seriously by the bind maintainers (preferably upstream). -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I expected times like this -- but never thought they'd be so bad, so long, and so frequent. -- Demotivators (www.despair.com)
Attachment:
pgpNgD47o37U1.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines