On Wed, Oct 30, 2002 at 11:43:28PM +0100, J.J. van Gorkum wrote: > > Maybe I'm too much an old school admin but 'they' allways told me to > move all the libraries into the chroot environment (no symlinks > watsoever) and even (if possible) move the whole chroot environment > onto an special (read-only) filesystem... Then you might like the 'makejail' method best. See http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html Talks about sshd, but the switch to bind is just as easy. > > In my second example when I start the named daemon without the -t option > and use the (buggy) start-stop-daemon --chroot option the libraries are > used from the chroot environment. That was my point -- and it seems that > the 'standard' debian method of using a chroot environment (the link > from my original post) is moving the libraries into the chroot > environment and not using them..... Standard? There is no such think as a standard Debian method of setting up a chroot environment. Although we might need to write/implement one down... Javi
Attachment:
pgpVLtDKvbjUU.pgp
Description: PGP signature