BIND chroot environment in 10-RELEASE...gone?
sthaug at nethelp.no
Mon Dec 15 11:34:09 UTC 2014
> > <rant>
> > Removing the changeroot environment and symlinking logic is a net
> > disservice to the FreeBSD community, and disincentive to use FreeBSD.
> > </rant>
> >
> > Steinar Haug, Nethelp consulting, sthaug at nethelp.no
>
> Isn't this reasoning a bit flawed? Something hurt you so you state it is
> hurting a whole community.
>
> I, for one, am glad the security updates of the Bind software are now
> better maintainable across all FreeBSD versions.

I don't see the connection between removing BIND from the base system
(I agree that this makes BIND updates better maintainable) and the
complete removal of the changeroot/symlink functionality.

> NB: using a jail might give an easier to maintain secure environment for
> bind than a chroot. With more restrictions to the process also.

Absolutely agree. However, that requires time to learn jails properly,
which I don't have right now. Thus *for me*, it would have been much
nicer if the BIND ports had kept the changeroot/symlink functionality
that (as far as I know) Doug Barton put in.

I don't claim to speak for anybody but myself :-)

Steinar Haug, Nethelp consulting, sthaug at nethelp.no