Is chroot really necessary?
Kevin Darcy
kcd at daimlerchrysler.com
Fri May 18 22:33:44 UTC 2001
Why bother linking statically? In BIND 8, some folks did this because
named-xfer was a separate program and so linking statically obviated the
need to populate the chroot jail with shared objects. But in BIND 9,
there is no separate named-xfer program, so you don't need to populate
anyway. Linking statically just bloats executable size.
- Kevin
Chris Pile wrote:
> BIND 8/9 isn't too difficult to get working inside a chroot. Just try
> to compile it statically:
>
> tar -xzvf bind-9.1.2.tar.gz
> cd bind-9.1.2
> CFLAGS='-g -O --static'
> export CFLAGS
> ./configure
> make
>
> Then you don't need any libraries etc.
>
> Also have a look at FreeBSD's jail. Even better than chroot.
> http://docs.freebsd.org/44doc/papers/jail/jail.html
>
> Chris.
More information about the bind-users
mailing list