[Freeipa-devel] [PATCH 0137] spec: add conflict with bind-chroot to freeipa-server-dns

Martin Babinsky mbabinsk at redhat.com
Fri Mar 11 08:32:44 UTC 2016


On 03/11/2016 07:24 AM, Jan Cholasta wrote:
> On 9.3.2016 11:14, Martin Babinsky wrote:
>> On 03/07/2016 04:28 PM, Martin Kosek wrote:
>>> On 03/07/2016 03:17 PM, Petr Spacek wrote:
>>>> On 7.3.2016 13:27, Jan Cholasta wrote:
>>>>> Hi,
>>>>>
>>>>> On 7.3.2016 12:47, Martin Babinsky wrote:
>>>>>> https://fedorahosted.org/freeipa/ticket/5696
>>>>>
>>>>> Shouldn't we rather fix IPA to work with bind running in chroot
>>>>> (which is AFAIK considered good security practice)?
>>>>
>>>> I would not invest into it:
>>>> http://www.freeipa.org/page/Howto/FreeIPA_with_integrated_BIND_inside_chroot#NOTE:_Chroot_should_not_be_considered_a_security_feature
>>>>
>>>>
>>>
>>> +1
>>>
>>> Martin
>>>
>>
>> Then the patch should be sufficient, yes?
>
> Yes, but I would prefer if the directive was visually separated from
> requires and had a comment (see how nss-pam-ldapd conflicts in
> freeipa-server is done).
>
Fixed

-- 
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0137.1-spec-add-conflict-with-bind-chroot-to-freeipa-server.patch
Type: text/x-patch
Size: 962 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160311/963ae1d2/attachment.bin>

