Date:      Mon, 13 Nov 2017 20:14:09 +0000
From:      Dries Michiels <driesmp@hotmail.com>
To:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   chroot implementation of bind and kea
Message-ID:  <DB6PR1001MB1238A4081466628B372B5176BB2B0@DB6PR1001MB1238.EURPRD10.PROD.OUTLOOK.COM>


Dear net mailing list,

At the moment BIND's default chroot behavior is to move all necessary files to a directory specified in rc.conf as named_chrootdir.
Afterwards the RC script creates a symlink from /usr/local/etc/namedb/ to the named_chrootdir so that config files etc. can still be modified from /usr/local/etc/ as that is where they belong.
However, I find the chroot implementation of isc-dhcpd better. That is, instead of creating a symlink, copying the files over each time the program is (re)started.
This has the additional benefit that if files in the chroot are compromised they get overwritten by the originals on service restart. Could this be implemented for BIND as well?
Another little question regarding chroot, is it possible to make net/kea chrootable? There are currently no such options in the kea rc script.

With regards,
Dries
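The copy-on-start behaviour the mail asks for, as an added illustration that is not part of the message and not taken from the FreeBSD rc scripts: one function copies the configuration tree from its canonical location into the chroot on every start (so a modified copy inside the chroot is overwritten by the original), and a second function compares the chroot copy against the originals so an operator can detect that the chroot contents have drifted before the next restart. The source directory, the chroot directory and the named.conf contents used in the example are assumptions; the layout mirrors the source path under the chroot root.

```shell
#!/bin/sh
# Added example, not from the FreeBSD rc framework: populate a chroot by
# copying the canonical config tree into it on every service start, and
# verify that the chroot copy still matches the originals.
#
# Assumptions (not taken from the mail): SRC is the canonical config
# directory (e.g. /usr/local/etc/namedb) and CHROOT is the chroot root
# (e.g. /var/named); the copy lives at "$CHROOT$SRC".

# populate_chroot SRC CHROOT
# Copy SRC into CHROOT, overwriting any files already present there.
# Returns 0 on success, 1 if the directory or the copy could not be made.
populate_chroot() {
    src="$1"
    chroot="$2"
    mkdir -p "$chroot$src" || return 1
    # -R: recurse; -p: keep modes and timestamps. "$src/." copies the
    # contents of SRC rather than SRC itself, so existing files are replaced.
    cp -Rp "$src/." "$chroot$src/" || return 1
    return 0
}

# verify_chroot SRC CHROOT
# Compare the chroot copy with the originals. Prints one line per file
# that differs or is missing on either side. Returns 0 when the trees are
# identical, 1 when they differ (diff -rq exits 1 on any difference).
verify_chroot() {
    src="$1"
    chroot="$2"
    diff -rq "$src" "$chroot$src"
}
```

On a start in the style the mail describes, an rc `start_precmd` would call `populate_chroot` before launching the daemon; `verify_chroot` is the check an operator or monitoring job runs between restarts, since a non-zero exit means the copy inside the chroot no longer matches what is under /usr/local/etc.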
