On Thu, 23 Sep 2010, Paul Wouters wrote: > Note that RHEL/CentOS/Fedora rely on SElinux instead of chroot(). The problem > with chroot() is needing copies of system files, which make it hard to package > for updates, etc. But the same applies, for SElinux policies to work properly, > stick with the OS. > > Also, /etc should not containt megabytes of zones files imho, that's much better > placed in /var. > > Paul
That's not strictly true. [[email protected] ~]$ cat /etc/redhat-release CentOS release 5.5 (Final) [[email protected] ~]$ yum info bind-chroot Loaded plugins: fastestmirror Excluding Packages in global exclude list Finished Available Packages Name : bind-chroot Arch : x86_64 Epoch : 30 Version : 9.3.6 Release : 4.P1.el5_4.2 Size : 44 k Repo : base Summary : A chroot runtime environment for the ISC BIND DNS server, named(8) URL : http://www.isc.org/products/BIND/ License : BSD-like Description: This package contains a tree of files which can be used as a : chroot(2) jail for the named(8) program from the BIND package. : Based off code from Jan "Yenya" Kasprzak <[email protected]> Regards, Jason _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
