Dnia 06-03-2006, pon o godzinie 22:20 +0000, David Woodhouse napisał(a): > On Sat, 2006-03-04 at 14:14 -0500, Chris Tyler wrote: > > Should we consider bind-chroot obsolete, since SElinux should be able > > to provide similar protection (preventing named from touching files it > > should not, even if compromised)? > > Most definitely not. Chroot is simple and effective; I've still never > been able to install and use SElinux without it breaking things. >
BTW bind. Anyone work on fix Fedora bind for make this package FHS compliant ? Current base directory for bind files is /var/named and acording to FHS specification it will be better use /var/lib/named. kloczek
