End of bind-chroot-admin script
Adam Tkac
atkac at redhat.com
Mon Nov 10 12:34:23 UTC 2008
On Sat, Nov 08, 2008 at 02:36:38PM -0500, Colin Walters wrote:
> On Fri, Nov 7, 2008 at 6:52 PM, Paul Wouters <paul at xelerance.com> wrote:
> >
> > I'd rather see something replace it.
>
> SELinux obsoletes this use of chroot for security. Every daemon
> doesn't need to grow its own private copy of the OS infrastructure.
>
Chroot is good and traditional method how restrict daemons. Many users
still use it and it is far more easy create chroot configuration than
create/maintain SELinux policy. I don't think SELinux obsoletes
chroot, both try restrict daemon privileges and both have + and -.
Adam
--
Adam Tkac, Red Hat, Inc.
More information about the fedora-devel-list
mailing list