No the prior poster was correct - you can do chroot or SELinux or both. While it is true that RedHat teaches SELinux and ships it you can always disable it if you prefer not to use it. You are asked during the install of the OS and you can disable it or enable it any time you want after the install.
I've heard nothing suggesting that chroot and SELinux are mutually exclusive. In fact RedHat teaches "security in layers" where they encourage you to use multiple types of security rather than relying on one thing. -----Original Message----- From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of Paul Wouters Sent: Thursday, September 23, 2010 10:31 PM To: Jason Mitchell Cc: bind-users@lists.isc.org Subject: RE: repository for zone files On Fri, 24 Sep 2010, Jason Mitchell wrote: > [...@clueby4.net ~]$ cat /etc/redhat-release > CentOS release 5.5 (Final) > [...@clueby4.net ~]$ yum info bind-chroot > Name : bind-chroot That's only there as legacy though, to not break updating old systems that depend on it. The recommended method to secure your nameserver when starting from a fresh install, is to use SElinux, not chroot. Paul _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Proud partner. Susan G. Komen for the Cure. Please consider our environment before printing this e-mail or attachments. ---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ---------------------------------- _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
