On 1/13/06, Paul Howarth <paul@xxxxxxxxxxxx> wrote:
> Chasecreek Systemhouse wrote:
> > On 1/13/06, Justin Willmert <justin@xxxxxxxxxx> wrote:
> >
> >>/var/named/chroot/etc/named.conf (config file)
> >>/var/named/chroot/var/named/ (zone files dir)
> >
> > It should not be chrooted if SELinux is enabled.
>
> Whyever not?
>
> > And SELinux is more secure than a chrooted name server.
>
> And chrooted+SELinux is more secure still. Layers of defence and all that.

LOL =)

In case no one read the named man page -- improperly set-up named
servers running as root can break out of chroot jail.

--
WC -Sx- Jones | http://ccsh.us/ | Open Source Consulting