Last time I played with the snort chroot stuff (which, I admit was a
little while ago now) it did not play well once you started introducing
database support.

If you have actually been able to get this working then I don't see why
it couldn't be something that's looked into.

I'm down as the current maintainer for that package but my time is a bit
pressed ATM. If your could log a PR that would be a good start, once I
see it come through I'll grab it.

thanks.

adrian.

diro@nixsys.bz wrote:

> Hi,
> 
> Would it be better to run the snort daemon in a chroot directory (like /var/chroot/snort or something) instead of its default (/nonexistent) via the -t flag in the rc.d script? Or at least have the option with a snort_chrootdir=""? I read about this option in the man page and was wondering if it was available, desirable, and / or unnecessary.
> 
> Thanks,
> 
> !tr
> 
>