postfix chrooted, bind not

Jamie Strandboge jamie at
Thu Jul 10 09:52:07 UTC 2008

On Mon, 07 Jul 2008, Andreas Hasenack wrote:

> Any particular reason why ubuntu ships postfix chrooted by default, but
> not bind? The security history of these two differs significantly.
IIRC, chrooted bind breaks various configurations. This was identified as
a significant issue and as of hardy, bind9 comes with an enforcing apparmor
profile by default, which effectivly protects bind9 in much the same way
a chroot would.


Ubuntu Security Engineer     |
Canonical Ltd.               |
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <>

More information about the ubuntu-server mailing list