On Saturday 04 March 2006 14:14, Chris Tyler <ch...@tylers.info> wrote: > > I noticed that the bind-chroot package is no longer installed by default > (FC5t3 & rawhide), even through it's still present. Should we consider > bind-chroot obsolete, since SElinux should be able to provide similar > protection (preventing named from touching files it should not, even if > compromised)? > > -- > Chris Tyler > Yes
There's no protection provided by bind-chroot that is not provided by running named with SELinux in Enforcing mode. Regards, Jason Vas Dias, BIND package maintainer
