bind-chroot obsolete due to SElinux?
Jason Vas Dias
jvdias at redhat.com
Sat Mar 4 19:18:01 UTC 2006
On Saturday 04 March 2006 14:14, Chris Tyler <chris at tylers.info> wrote:
>
> I noticed that the bind-chroot package is no longer installed by default
> (FC5t3 & rawhide), even through it's still present. Should we consider
> bind-chroot obsolete, since SElinux should be able to provide similar
> protection (preventing named from touching files it should not, even if
> compromised)?
>
> --
> Chris Tyler
>
Yes
There's no protection provided by bind-chroot that is not provided by running
named with SELinux in Enforcing mode.
Regards,
Jason Vas Dias,
BIND package maintainer
More information about the devel
mailing list