also sprach Javier Fernández-Sanguino Peña <jfs@computer.org> [2002.03.07.1054 +0100]: > > > Debian could provide, with only some effort from package > > > maintainers versions of daemons chrooted to given environments. This > > > however, might break Policy (IMHO). > > > > how would it break policy? > > (sorry, catching up with posts) me too... > Policy would be broken because a chroot installation would need > all the libraries, configuration files, etc... that the service needed > to be placed in a given fixed location > (for example /usr/lib/named/etc, /usr/lib/named/var/{log,run}) > This defeats the FHS and also one of Debian's primary assumptions > (all configuration files in /etc for example) on which the policy is > based. not necessarily. depends on how the daemon is written. for instance, my bind9 chroot has absolutely zero anything in violation with the FHS! but i see your point. it's a flaw in the policy/FHS though, i think. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck you work very hard. don't try to think as well.
Attachment:
pgphnkyvu0wx8.pgp
Description: PGP signature