
Re: default security



also sprach Javier Fernández-Sanguino Peña <jfs@computer.org> [2002.03.07.1054 +0100]:
> > > 	Debian could provide, with only some effort from package
> > > maintainers, versions of daemons chrooted to given environments. This
> > > however, might break Policy (IMHO).
> > 
> > how would it break policy?
> 
> (sorry, catching up with posts)

me too...

> 	Policy would be broken because a chroot installation would need
> all the libraries, configuration files, etc... that the service needed
> to be placed in a given fixed location 
> (for example /usr/lib/named/etc, /usr/lib/named/var/{log,run})
> This defeats the FHS and also one of Debian's primary assumptions
> (all configuration files in /etc for example) on which the policy is
> based.

not necessarily. depends on how the daemon is written. for instance,
my bind9 chroot has absolutely zero anything in violation of the
FHS!

but i see your point. it's a flaw in the policy/FHS though, i think.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
  
you work very hard. don't try to think as well.
