
10 Sep 2015, 1:52 a.m.
Tom Robinson writes:
The bind-chroot on CentOS 7 also comes with a script (/usr/libexec/setup-named-chroot.sh) that sets up the much maligned systemd and, through bind mounts, creates an extra level of chroot hierarchy giving:
/var/named/chroot/var/named/chroot/var/named which seems totally unnecessary.
Obligatory knee-jerk response: Have you considered nsd3 + unbound instead?
I'm migrating a CentOS 6 bind instance (chrooted) to a CentOS 7 box and am curious of people's opinions on chrooting vs selinux as a way of securing bind.
chroot isn't a security mechanism.