[CentOS] bind chroot, bind mounts and selinux
Tom Robinson
tom.robinson at motec.com.au
Thu Sep 10 01:09:18 UTC 2015
Hi All,

I'm migrating a CentOS 6 bind instance (chrooted) to a CentOS 7 box and am curious of people's opinions on chrooting vs selinux as a way of securing bind.

The bind-chroot on CentOS 7 also comes with a script (/usr/libexec/setup-named-chroot.sh) that sets up the much maligned systemd and, through bind mounts, creates an extra level of chroot hierarchy giving:

/var/named/chroot/var/named/chroot/var/named

which seems totally unnecessary.

I'm sure that bind-chroot would be happy enough running without the bind mounts but would I be losing anything in terms of security?

Also, would I bother with chrooting at all if selinux can secure the environment for me?

My own opinions aside, what do others think and has anyone had experience with this?

Kind regards,
Tom

--
Tom Robinson
IT Manager/System Administrator
MoTeC Pty Ltd
121 Merrindale Drive
Croydon South 3136
Victoria
Australia
T: +61 3 9761 5050
F: +61 3 9761 5051
E: tom.robinson at motec.com.au