Re: LIDS vers. chroot
Hi,
> Benjamin Schuele wrote:
>
> I would like to initiate a discussion about LIDS and chroot to setup a
> secure server.
i prefer the solution to use chroot _with_ LIDS.
Make everything you would do without chroot and chroot the process (e.g.
bind, apache, etc.).
Remove the CAP_SYS_CHROOT from _every_ binary within the chroot, only
programs outside the chroot should have them.
Well, i think the solution depends on you paranoia level ;)
Regards,
Ralf Dreibrodt
--
Mesos Telefon 49 221 4855798-1
Eupener Str. 150 Fax 49 221 4855798-9
50933 Koeln Mail rd@mesos.de
Reply to: