Date: Mon, 15 Dec 2014 12:34:05 +0100 (CET) From: sthaug@nethelp.no To: ronald-lists@klop.ws Cc: freebsd-stable@freebsd.org Subject: Re: BIND chroot environment in 10-RELEASE...gone? Message-ID: <20141215.123405.74723741.sthaug@nethelp.no> In-Reply-To: <op.xqwlh6utkndu52@ronaldradial.radialsg.local> References: <20131203.223612.74719903.sthaug@nethelp.no> <20141215.082038.41648681.sthaug@nethelp.no> <op.xqwlh6utkndu52@ronaldradial.radialsg.local>
next in thread | previous in thread | raw e-mail | index | archive | help
> > <rant> > > Removing the changeroot environment and symlinking logic is a net > > disservice to the FreeBSD community, and disincentive to use FreeBSD. > > </rant> > > > > Steinar Haug, Nethelp consulting, sthaug@nethelp.no > > Isn't this reasoning a bit flawed? Something hurt you so you state it is > hurting a whole community. > > I, for one, am glad the security updates of the Bind software are now > better maintainable across all FreeBSD version. I don't see the connection between removing BIND from the base system (I agree that this makes BIND updates better maintainable) and the complete removal of the changeroot/symlink functionality. > NB: using a jail might give an easier to maintain secure environment for > bind than a chroot. With more restrictions to the process also. Absolutely agree. However, that requires time to learn jails properly, which I don't have right now. Thus *for me*, it would have been much nicer if the BIND ports had kept the changeroot/symlink functionality that (as far as I know) Doug Barton put in. I don't claim to speak for anybody but myself :-) Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20141215.123405.74723741.sthaug>