[Freeipa-devel] [PATCHES] 0583-0584 Convert DNS default permissions to managed
Petr Viktorin
pviktori at redhat.com
Fri Jun 13 15:25:10 UTC 2014
With the first patch, old SYSTEM permissions can be replaced. The "Read
DNS Entries" permission did not have an associated ACI, but was rather
rolled into a single ACI with the managedBy rule used for per-zone access.
(And before that, it was part of a deny rule.)

We can't remove this permission in an update file, because we need to
check that it is indeed an old SYSTEM perm and not a new one with the
same name.

The second patch converts DNS permissions to managed.
The ACIs are put directly in $SUFFIX, because the cn=dns subtree does
not exist in all installations.
I hope to change this for https://fedorahosted.org/freeipa/ticket/4058,
when I've thought more about relationships between plugins, packages,
install options, and the updater.
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0583-managed-permission-updater-Add-mechanism-to-replace-.patch
Type: text/x-patch
Size: 2880 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140613/09418c4d/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0584-Convert-DNS-default-permissions-to-managed.patch
Type: text/x-patch
Size: 30237 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140613/09418c4d/attachment-0001.bin>