fedora-devel-list@redhat.com
[Top] [All Lists]
<prev [Date] next>
<prev [Thread] next>

Re: bind-chroot obsolete due to SElinux?

from [Jason Vas Dias]
Subject: Re: bind-chroot obsolete due to SElinux?
From: Jason Vas Dias
Date: Sat, 4 Mar 2006 14:18:01 -0500 
On Saturday 04 March 2006 14:14, Chris Tyler <chris@xxxxxxxxxxx> wrote:
>  
>  I noticed that the bind-chroot package is no longer installed by default
>  (FC5t3 & rawhide), even through it's still present. Should we consider
>  bind-chroot obsolete, since SElinux should be able to provide similar
>  protection (preventing named from touching files it should not, even if
>  compromised)?
>  
>  --
>  Chris Tyler
>  
Yes

There's no protection provided by bind-chroot that is not provided by running
named with SELinux in Enforcing mode.

Regards,
Jason Vas Dias,
BIND package maintainer 

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  bind-chroot obsolete due to SElinux?, Chris Tyler
Next by Date:  Re: bind-chroot obsolete due to SElinux?, Ivan Gyurdiev
Previous by Thread:  bind-chroot obsolete due to SElinux?, Chris Tyler
Next by Thread:  Re: bind-chroot obsolete due to SElinux?, Ivan Gyurdiev
Indexes:  [Date] [Thread] [Top] [All Lists]