BIND chroot environment in 10-RELEASE...gone?
Chris H
chrish at UltimateDNS.NET
Tue Dec 16 14:09:52 UTC 2014
On Tue, 16 Dec 2014 10:22:59 +0100 Erwin Lansing <erwin at FreeBSD.org> wrote
> On Mon, Dec 15, 2014 at 10:12:45PM -0800, Kevin Oberman wrote:
> >
> > Please don't conflate issues. Moving BIND out of the base system is
> > something long overdue. I know that the longtime BIND maintainer, Doug B,
> > had long felt it should be removed. This has exactly NOTHING to do with
> > removing the default chroot installation. The ports were, by default
> > installed chrooted. Jailed would have been better, but it was not something
> > that could be done in a port unless the jail had already been set up.
> > chroot is still vastly superior to not chrooted and I was very distressed
> > to see it go from the ports.
> >
>
> While I don't want to get dragged down into this discussion that can go
> on forever without any consensus, I just want to point out that there is
> a slight twist to the above description. Due to implementational
> details, the ports' chroot was actually inside the base system parts of
> BIND. Removing the one, removed the other.
>
> I did try my hand at a reimplementation self-contained in the port, but
> that proved less trivial than thought and I never reached a satisfactory
> solution.
I found it to be surprisingly difficult, as well.
> If anyone wants to try their hands at it as well and convince
> the new port maintainer, please do so, but trust me when I say that,
> e.g., an ezjail solution is much easier to set up and maintain than
> reverting to the old functionality. In the end, I'd rather see a
> more general solution that can chroot, or jail, an arbitrary daemon from
> ports rather than special treatment of a single port. If BIND, why not
> also NSD, unbound, or apache for argument's sake?
Hmm. Maybe something along the lines of sysutils/ez-chroot? :
Sounds like it could really be a popular port! :)
--Chris
>
> Erwin
>
> --
> Erwin Lansing http://droso.dk
> erwin at FreeBSD.org http://www.FreeBSD.org
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"