Enrico Scholz wrote:
Andrew Farris <lordmorgul gmail com> writes:pz/ and the other parts of the chroot filesystem must be read-only for named.And why exactly is that?To give only the required rights is a common and working practice for years to secure daemons. Fedora should not forget classical ways (own uid, chroot environments, restrictive permissions) just to give something like "easier configuration" (where I can not see how mixing all and everything into a single dir can ease configuration).
I understand the idea behind minimum access restrictions; my reply/question was in regard to the use of the word 'must' which I assumed to be more than suggestion based on best practice (i.e. it won't work unless..). Manuel Wolfshant said much the same that you (Enrico) did above in his reply that I replied to... (btw.. to Manuel, sorry I did misread and reply 'to you' when 'you' and 'Enrico' were not one in the same, been a long day). Anyway, that common practice is certainly not something that should be ignored lightly, but lets not confuse whether it is suggestion or necessity. (that is all I was asking)
If anyone has reason to believe real *breakage* occurs due to the change Adam Tkac was suggesting I hope they speak up.
-- Andrew Farris <lordmorgul gmail com> <ajfarris gmail com> gpg 0xC99B1DF3 fingerprint CDEC 6FAD BA27 40DF 707E A2E0 F0F6 E622 C99B 1DF3 No one now has, and no one will ever again get, the big picture. - Daniel Geer ---- ----