Date:      Mon, 15 Dec 2014 06:00:59 -0700 (MST)
From:      Warren Block <wblock@wonkity.com>
To:        sthaug@nethelp.no
Cc:        freebsd-stable@freebsd.org, ronald-lists@klop.ws
Subject:   Re: BIND chroot environment in 10-RELEASE...gone?
Message-ID:  <alpine.BSF.2.11.1412150556410.69066@wonkity.com>
In-Reply-To: <20141215.123405.74723741.sthaug@nethelp.no>
References:  <20131203.223612.74719903.sthaug@nethelp.no> <20141215.082038.41648681.sthaug@nethelp.no> <op.xqwlh6utkndu52@ronaldradial.radialsg.local> <20141215.123405.74723741.sthaug@nethelp.no>

On Mon, 15 Dec 2014, sthaug@nethelp.no wrote:

>>> <rant>
>>> Removing the changeroot environment and symlinking logic is a net
>>> disservice to the FreeBSD community, and disincentive to use FreeBSD.
>>> </rant>
>>>
>>> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
>>
>> Isn't this reasoning a bit flawed? Something hurt you so you state it is
>> hurting a whole community.
>>
>> I, for one, am glad the security updates of the Bind software are now
>> better maintainable across all FreeBSD versions.
>
> I don't see the connection between removing BIND from the base system
> (I agree that this makes BIND updates better maintainable) and the
> complete removal of the changeroot/symlink functionality.
>
>> NB: using a jail might give an easier to maintain secure environment for
>> bind than a chroot. With more restrictions to the process also.
>
> Absolutely agree. However, that requires time to learn jails properly,
> which I don't have right now.

Here is a start:

https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html#jails-ezjail-example-bind



