On Tue, 23 Dec 2008, [email protected] wrote:

> > That's why I've switched unbound in Fedora to depend on SELinux, and got
> > rid of the entire chroot. (Still needs to propagate to EPEL and Fedora
> > releases)
>
> Paul, is that just for you, or as an "official" maintainer of the package
> for Fedora?

It is currently only in rawhide, but the idea is to migrate it to the other releases as well.

> If the latter, then that would prevent me from running Unbound as I don't
> have (or want) SELinux on my home machine.

From a distribution point of view, it makes no sense to keep small chroot copies of the OS itself for various kinds of applications. Named I believe already lost its chroot as well.

There were various problems with the chroot. For one, there is the issue of updated DNSSEC keys (via dnssec-keys and autotrust). Then there is the issue of package updates and the --bind mounts not getting unmounted in time for the package to do an update without causing problems in the scriptlets. And last, with the coming of instant cheap VMs for a single purpose (e.g. nameserver) the concept of chroots is becoming rather useless. The only value content of a VM running a nameserver is within the chroot itself.

I can see about adding an option for chroot building in the spec file, and having it disabled per default, so you only need to rpmbuild the source rpm with a --define 'use-chroot=yes' but I'd still prefer to just completely get rid of it.

Paul
_______________________________________________
Unbound-users mailing list
[email protected]
http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
