[Freeipa-devel] [PATCHES] 0583-0584 Convert DNS default permissions to managed

Petr Viktorin pviktori at redhat.com
Mon Jun 16 15:43:50 UTC 2014


On 06/13/2014 05:25 PM, Petr Viktorin wrote:
>
> With the first patch, old SYSTEM permissions can be replaced. The "Read
> DNS Entries" did not have an associated ACI, but was rather rolled into
> a single ACI with the managedBy rule used for per-zone access.
> (and before that it was part of a deny rule.)
> We can't remove this permission in an update file, because we need to
> check that it is indeed an old SYSTEM perm and not a new one with the
> same name.
>
>
> The second patch converts DNS permissions to managed.
>
> The ACIs are put directly in $SUFFIX, because the cn=dns subtree does
> not exist in all installations.
>
> I hope to change this for https://fedorahosted.org/freeipa/ticket/4058,
> when I've thought more about relationships between plugins, packages,
> install options, and the updater.

Testing more, I found a benign bug: the updater complained if the cn=dns 
container was missing. Fixed here.

Also, the update_dns_permissions plugin is now obsolete; the third
patch removes it.


-- 
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0583.2-managed-permission-updater-Add-mechanism-to-replace-.patch
Type: text/x-patch
Size: 2880 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140616/193a7856/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0584.2-Convert-DNS-default-permissions-to-managed.patch
Type: text/x-patch
Size: 30371 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140616/193a7856/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0588.2-Remove-the-update_dns_permissions-plugin.patch
Type: text/x-patch
Size: 4219 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140616/193a7856/attachment-0002.bin>