Hi All,

I'm migrating a CentOS 6 bind instance (chrooted) to a CentOS 7 box and
am curious about people's opinions on chrooting vs selinux as a way of
securing bind.

The bind-chroot on CentOS 7 also comes with a script
(/usr/libexec/setup-named-chroot.sh) that sets up the much maligned
systemd and, through bind mounts, creates an extra level of chroot
hierarchy giving:

/var/named/chroot/var/named/chroot/var/named

which seems totally unnecessary.

I'm sure that bind-chroot would be happy enough running without the bind
mounts but would I be losing anything in terms of security?

Also, would I bother with chrooting at all if selinux can secure the
environment for me?

My own opinions aside, what do others think and has anyone had
experience with this?

Kind regards,
Tom


-- 
Tom Robinson

   19 Thomas Road                         Mobile: +61 4 3268 7026
   Healesville, VIC 3777                    Home: +61 3 5962 4543
   Australia                             GPG Key: 8A4CB7A7

   CONFIDENTIALITY: Copyright (C). This message with any appended or
   attached material is intended for addressees only and may not be
   copied or forwarded to or used by other parties without permission.

_______________________________________________
luv-main mailing list
[email protected]
http://lists.luv.asn.au/listinfo/luv-main