Date: Mon, 13 Nov 2017 20:14:09 +0000
From: Dries Michiels <driesmp@hotmail.com>
To: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject: chroot implementation of bind and kea
Message-ID: <DB6PR1001MB1238A4081466628B372B5176BB2B0@DB6PR1001MB1238.EURPRD10.PROD.OUTLOOK.COM>

Dear net mailing list,

At the moment BIND's default chroot behavior is to move all necessary files to a directory specified in rc.conf as named_chrootdir. Afterwards the RC script creates a symlink from /usr/local/etc/namedb/ to the named_chrootdir so that config files etc. can still be modified from /usr/local/etc/ as that is where they belong.

However, I find the chroot implementation of isc-dhcpd better. That is, instead of creating a symlink, copying the files over each time the program is (re)started. This has the additional benefit that if files in the chroot are compromised they get overwritten by the originals on service restart. Could this be implemented for BIND as well?

Another little question regarding chroot: is it possible to make net/kea chrootable? There are currently no such options in the kea rc script.

With regards,
Dries
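
Added example (not part of the original message and not taken from any FreeBSD rc script): a sketch of the copy-on-restart approach described above, extended to report what a plain copy would silently overwrite or leave behind in the chroot. The function name refresh_chroot and its three arguments are hypothetical.

```shell
#!/bin/sh
# Added illustration; refresh_chroot and its arguments are hypothetical names.
# usage: refresh_chroot SRC_DIR CHROOT_DIR REL_PATH
# Copies every regular file under SRC_DIR to CHROOT_DIR/REL_PATH and prints
# one line per file in the chroot copy that did not match the originals:
#   MODIFIED <relative path>   content differed and was overwritten
#   EXTRA <relative path>      exists only in the chroot; left in place
refresh_chroot() {
    src=$1
    dest=$2/$3
    mkdir -p "$dest" || return 1

    # Pass 1: report drift, then overwrite with the original.
    (cd "$src" && find . -type f) | while IFS= read -r f; do
        f=${f#./}
        if [ -f "$dest/$f" ] && ! cmp -s "$src/$f" "$dest/$f"; then
            echo "MODIFIED $f"
        fi
        mkdir -p "$(dirname "$dest/$f")"
        # Remove first so a symlink planted inside the chroot is replaced
        # rather than followed by cp.
        rm -f "$dest/$f"
        cp -p "$src/$f" "$dest/$f"
    done

    # Pass 2: a copy only overwrites; files that exist solely in the chroot
    # survive a restart, so list them for review.
    (cd "$dest" && find . -type f) | while IFS= read -r f; do
        f=${f#./}
        [ -e "$src/$f" ] || echo "EXTRA $f"
    done
}
```

EXTRA lines are expected for files the daemon itself writes inside the chroot, so they need review rather than automatic deletion.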