On Thu, 23 Sep 2010, Paul Wouters wrote: > Note that RHEL/CentOS/Fedora rely on SElinux instead of chroot(). The problem > with chroot() is needing copies of system files, which make it hard to package > for updates, etc. But the same applies, for SElinux policies to work properly, > stick with the OS. > > Also, /etc should not containt megabytes of zones files imho, that's much better > placed in /var. > > Paul
That's not strictly true. [...@clueby4.net ~]$ cat /etc/redhat-release CentOS release 5.5 (Final) [...@clueby4.net ~]$ yum info bind-chroot Loaded plugins: fastestmirror Excluding Packages in global exclude list Finished Available Packages Name : bind-chroot Arch : x86_64 Epoch : 30 Version : 9.3.6 Release : 4.P1.el5_4.2 Size : 44 k Repo : base Summary : A chroot runtime environment for the ISC BIND DNS server, named(8) URL : http://www.isc.org/products/BIND/ License : BSD-like Description: This package contains a tree of files which can be used as a : chroot(2) jail for the named(8) program from the BIND package. : Based off code from Jan "Yenya" Kasprzak <k...@fi.muni.cz> Regards, Jason _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
