[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9-chroot (was: questions on ITP)

WRT chrooting certain applications - wouldn't it make sense to mandate
one consistent way for the user to do this if the package supports it? 
That way, chrooting daemons is much more user-friendly, which in turn
will (hopefully) lead to more people doing it.

One idea: In a configuration file, the user lists those daemons he
wants to run chrooted. init.d scripts that support it read this
information and act on it, copying the required files to a chroot
before starting the daemon there.

(The config file should probably not be read directly, instead the
init.d script should call a small query script. That way, file format
changes are possible.)

Furthermore, IMHO init.d scripts that support chrooting should clearly
print "[chrooted]" or "[non-chrooted]" in their startup message, both
to make the user aware that chrooting is possible, and to make it
clear whether it takes place.

- If I were to put together a "chroot-helper" package, would people be
  interested in using it for their package?
- Any chance of getting a recommendation for this into policy?



  __   _
  |_) /|  Richard Atterer     |  CS student at the Technische  |  GnuPG key:
  | \/¯|  http://atterer.net  |  Universität München, Germany  |  0x888354F7
  ¯ ´` ¯

Attachment: pgp0icLzXfPBX.pgp
Description: PGP signature

Reply to: