repository for zone files
Lightner, Jeff
jlightner at water.com
Fri Sep 24 12:03:00 UTC 2010
No the prior poster was correct - you can do chroot or SELinux or both.
While it is true that RedHat teaches SELinux and ships it you can always
disable it if you prefer not to use it. You are asked during the
install of the OS and you can disable it or enable it any time you want
after the install.
I've heard nothing suggesting that chroot and SELinux are mutually
exclusive. In fact RedHat teaches "security in layers" where they
encourage you to use multiple types of security rather than relying on
one thing.
-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org
[mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf
Of Paul Wouters
Sent: Thursday, September 23, 2010 10:31 PM
To: Jason Mitchell
Cc: bind-users at lists.isc.org
Subject: RE: repository for zone files
On Fri, 24 Sep 2010, Jason Mitchell wrote:
> [jay at clueby4.net ~]$ cat /etc/redhat-release
> CentOS release 5.5 (Final)
> [jay at clueby4.net ~]$ yum info bind-chroot
> Name : bind-chroot
That's only there as legacy though, to not break updating old systems
that depend on it. The recommended method to secure your nameserver when
starting from a fresh install, is to use SElinux, not chroot.
Paul
_______________________________________________
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Proud partner. Susan G. Komen for the Cure.
Please consider our environment before printing this e-mail or attachments.
----------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------
More information about the bind-users
mailing list