bind-chroot obsolete due to SElinux?

Jason Vas Dias jvdias at redhat.com
Sat Mar 4 19:18:01 UTC 2006


On Saturday 04 March 2006 14:14, Chris Tyler <chris at tylers.info> wrote:
>  
>  I noticed that the bind-chroot package is no longer installed by default
>  (FC5t3 & rawhide), even though it's still present. Should we consider
>  bind-chroot obsolete, since SElinux should be able to provide similar
>  protection (preventing named from touching files it should not, even if
>  compromised)?
>  
>  --
>  Chris Tyler
>  
Yes

There's no protection provided by bind-chroot that is not provided by running
named with SELinux in Enforcing mode.

Regards,
Jason Vas Dias,
BIND package maintainer 



