bind-chroot obsolete due to SElinux?

David Woodhouse dwmw2 at infradead.org
Mon Mar 6 22:20:23 UTC 2006


On Sat, 2006-03-04 at 14:14 -0500, Chris Tyler wrote:
> Should we consider bind-chroot obsolete, since SElinux should be able
> to provide similar protection (preventing named from touching files it
> should not, even if compromised)?

Most definitely not. Chroot is simple and effective; I've still never
been able to install and use SElinux without it breaking things.

-- 
dwmw2




More information about the fedora-devel-list mailing list