also sprach Richard Atterer (on Sat, 22 Sep 2001 03:28:21PM +0200): > One idea: In a configuration file, the user lists those daemons he > wants to run chrooted. init.d scripts that support it read this > information and act on it, copying the required files to a chroot > before starting the daemon there. well, you might just use SuSE then... i don't think this is a good idea. for one, it is not necessary to copoy the chroot files over and over again with each init.d start. this interferes with tripwire installations, and it's in violation of the "never touch a running system" philosophy. even if libc is updated, if bind runs happily in its chroot. and if some security patch or otherwise crucial update is pending for a library that bind also uses, then the bind9 and bind9-chroot packages should be updated anyway. sure, this requires more work on the maintainer side, but it's the best way to do it. > - If I were to put together a "chroot-helper" package, would people be > interested in using it for their package? i don't think a global solution is a good choice here. if i install bind9-chroot (hypothetically speaking), then bind9 should not possibly ever run non-chrooted again. this should be done via diversions. martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck -- you will be run over by a beer truck.
Attachment:
pgplnylt0tQLV.pgp
Description: PGP signature