On Tue, 25 Sep 2001, Christian Kurz wrote: > But having a link from either the config-files in /etc/bind to $CHROOT > or in the other direction, could be in my opinion a security risk. Henrique de Moraes Holschuh <hmh@debian.org> wrote: > Oh, how so? Because the files accessed from within the chroot once it's broken are the SAME FILES as on the real system. Doesn't that kinda defeat the purpose of having a chroot? > Get some sleep. Links from inside the chroot to outside do not work, unless > the kernel is fucked up. Hard links work fine. > <wears QA hat> > NEVER. This is not some low-grade distribution where you can go around > scattering configuration files all over the filesystem. I will fight tooth > and nail against such an atrocity. > </wears QA hat> I agree wholeheartedly here. I don't see what's so hard about rsync'ing the files from /etc to the chroot in the init script each time the daemon is started. -- Sam Couter | Internet Engineer | http://www.topic.com.au/ sam@topic.com.au | tSA Consulting | OpenPGP key ID: DE89C75C, available on key servers OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
Attachment:
pgppGngLVT_YM.pgp
Description: PGP signature