On Wed, Oct 30, 2002 at 11:43:28PM +0100, J.J. van Gorkum wrote:
>
> Maybe I'm too much an old school admin but 'they' always told me to
> move all the libraries into the chroot environment (no symlinks
> whatsoever) and even (if possible) move the whole chroot environment
> onto a special (read-only) filesystem...

Then you might like the 'makejail' method best. See
http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html
Talks about sshd, but the switch to bind is just as easy.

>
> In my second example when I start the named daemon without the -t option
> and use the (buggy) start-stop-daemon --chroot option the libraries are
> used from the chroot environment. That was my point -- and it seems that
> the 'standard' debian method of using a chroot environment (the link
> from my original post) is moving the libraries into the chroot
> environment and not using them.....

Standard? There is no such thing as a standard Debian method of setting up
a chroot environment. Although we might need to write/implement one down...

Javi