[Freeipa-devel] [PATCH 0137] spec: add conflict with bind-chroot to freeipa-server-dns
Petr Spacek
pspacek at redhat.com
Mon Mar 7 14:17:01 UTC 2016
On 7.3.2016 13:27, Jan Cholasta wrote:
> Hi,
>
> On 7.3.2016 12:47, Martin Babinsky wrote:
>> https://fedorahosted.org/freeipa/ticket/5696
>
> Shouldn't we rather fix IPA to work with bind running in chroot (which is
> AFAIK considered good security practice)?
I would not invest into it:
http://www.freeipa.org/page/Howto/FreeIPA_with_integrated_BIND_inside_chroot#NOTE:_Chroot_should_not_be_considered_a_security_feature
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list