On 01-09-25 Henrique de Moraes Holschuh wrote: > On Tue, 25 Sep 2001, Christian Kurz wrote: > > On 01-09-24 Henrique de Moraes Holschuh wrote: > > > On Mon, 24 Sep 2001, Christian Kurz wrote: > > > > Hm, that doesn't make much sense too me. I think the best thing would be > > > > to have /etc/bind inside $CHROOT and having no symlink. > > > And scratch the second-most important feature of Debian (the first one being > > > the DFSG)? Do Not Move Config Files Out Of /etc. Ever. If you need it > > > elsewhere, at least leave a symbolic link in place. > > But having a link from either the config-files in /etc/bind to $CHROOT > > or in the other direction, could be in my opinion a security risk. In my > Oh, how so? I think you know how the method of how to break out of a chroot. Having some symlink inside the chroot would in my opinion make this task easier then it normally is. But feel free to prove me wrong. > > and would instead suggestion to modify the documents stating that all > > config files should be in /etc to make a exception for $CHROOT. > <wears QA hat> > NEVER. This is not some low-grade distribution where you can go around > scattering configuration files all over the filesystem. I will fight tooth > and nail against such an atrocity. > </wears QA hat> Well, then we have to find some other way like cp, rsync, or something else to keep one copy of the files in /etc and one in $CHROOT/etc. Using mount --bind is like I stated before, no option. Christian -- Debian Developer (http://www.debian.org) 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgph_RMNQnnZn.pgp
Description: PGP signature