[Toffee]

Hello.

I've got few questions about bind chroot configuration.

Many tutorials explane that we must create an entire directory structure in the chroot directory. It means that libraries and binaries of Bind are present in the chroot directory. Many others indicate that CHROOT_DIR/dev, CHROOT_DIR/etc and CHROOT_DIR/var are sufficient and so, libraries and binaries aren't in the chroot directory.


What is the difference between these two configurations? What is the best configuration in term of security?

Thanks a lot for your response.