On 01-09-25 Henrique de Moraes Holschuh wrote:
> On Tue, 25 Sep 2001, Christian Kurz wrote:
> > On 01-09-24 Henrique de Moraes Holschuh wrote:
> > > On Mon, 24 Sep 2001, Christian Kurz wrote:
> > > > Hm, that doesn't make much sense too me. I think the best thing would be
> > > > to have /etc/bind inside $CHROOT and having no symlink.
> > > And scratch the second-most important feature of Debian (the first one being
> > > the DFSG)? Do Not Move Config Files Out Of /etc. Ever. If you need it
> > > elsewhere, at least leave a symbolic link in place.
> > But having a link from either the config-files in /etc/bind to $CHROOT
> > or in the other direction, could be in my opinion a security risk. In my
> Oh, how so?
I think you know how the method of how to break out of a chroot. Having
some symlink inside the chroot would in my opinion make this task easier
then it normally is. But feel free to prove me wrong.
> > and would instead suggestion to modify the documents stating that all
> > config files should be in /etc to make a exception for $CHROOT.
> <wears QA hat>
> NEVER. This is not some low-grade distribution where you can go around
> scattering configuration files all over the filesystem. I will fight tooth
> and nail against such an atrocity.
> </wears QA hat>
Well, then we have to find some other way like cp, rsync, or something
else to keep one copy of the files in /etc and one in $CHROOT/etc. Using
mount --bind is like I stated before, no option.
Christian
--
Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgph_RMNQnnZn.pgp
Description: PGP signature