[Freeipa-devel] [PATCH 0137] spec: add conflict with bind-chroot to freeipa-server-dns
Martin Babinsky
mbabinsk at redhat.com
Wed Mar 9 10:14:08 UTC 2016
On 03/07/2016 04:28 PM, Martin Kosek wrote:
> On 03/07/2016 03:17 PM, Petr Spacek wrote:
>> On 7.3.2016 13:27, Jan Cholasta wrote:
>>> Hi,
>>>
>>> On 7.3.2016 12:47, Martin Babinsky wrote:
>>>> https://fedorahosted.org/freeipa/ticket/5696
>>>
>>> Shouldn't we rather fix IPA to work with bind running in chroot (which is
>>> AFAIK considered good security practice)?
>>
>> I would not invest into it:
>> http://www.freeipa.org/page/Howto/FreeIPA_with_integrated_BIND_inside_chroot#NOTE:_Chroot_should_not_be_considered_a_security_feature
>
> +1
>
> Martin
>
Then the patch should be sufficient, yes?
--
Martin^3 Babinsky
More information about the Freeipa-devel
mailing list