BIND chroot environment in 10-RELEASE...gone?
Warren Block
wblock at wonkity.com
Mon Dec 15 13:01:02 UTC 2014
On Mon, 15 Dec 2014, sthaug at nethelp.no wrote:
>>> <rant>
>>> Removing the changeroot environment and symlinking logic is a net
>>> disservice to the FreeBSD community, and disincentive to use FreeBSD.
>>> </rant>
>>>
>>> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
>>
>> Isn't this reasoning a bit flawed? Something hurt you so you state it is
>> hurting a whole community.
>>
>> I, for one, am glad the security updates of the Bind software are now
>> better maintainable across all FreeBSD versions.
>
> I don't see the connection between removing BIND from the base system
> (I agree that this makes BIND updates better maintainable) and the
> complete removal of the changeroot/symlink functionality.
>
>> NB: using a jail might give an easier to maintain secure environment for
>> bind than a chroot. With more restrictions to the process also.
>
> Absolutely agree. However, that requires time to learn jails properly,
> which I don't have right now.
Here is a start:
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/jails-ezjail.html#jails-ezjail-example-bind