[Freeipa-devel] [PATCH 0137] spec: add conflict with bind-chroot to freeipa-server-dns
Jan Cholasta
jcholast at redhat.com
Fri Mar 18 08:33:22 UTC 2016
On 11.3.2016 09:32, Martin Babinsky wrote:
> On 03/11/2016 07:24 AM, Jan Cholasta wrote:
>> On 9.3.2016 11:14, Martin Babinsky wrote:
>>> On 03/07/2016 04:28 PM, Martin Kosek wrote:
>>>> On 03/07/2016 03:17 PM, Petr Spacek wrote:
>>>>> On 7.3.2016 13:27, Jan Cholasta wrote:
>>>>>> Hi,
>>>>>>
>>>>>> On 7.3.2016 12:47, Martin Babinsky wrote:
>>>>>>> https://fedorahosted.org/freeipa/ticket/5696
>>>>>>
>>>>>> Shouldn't we rather fix IPA to work with bind running in chroot
>>>>>> (which is
>>>>>> AFAIK considered good security practice)?
>>>>>
>>>>> I would not invest into it:
>>>>> http://www.freeipa.org/page/Howto/FreeIPA_with_integrated_BIND_inside_chroot#NOTE:_Chroot_should_not_be_considered_a_security_feature
>>>>>
>>>>>
>>>>>
>>>>
>>>> +1
>>>>
>>>> Martin
>>>>
>>>
>>> Then the patch should be sufficient, yes?
>>
>> Yes, but I would prefer if the directive was visually separated from
>> requires and had a comment (see how nss-pam-ldapd conflicts in
>> freeipa-server is done).
>>
> Fixed
Thanks, ACK.
Pushed to:
master: 3ab63fa6ba60947b1452c2108c4cf7637f4aacdb
ipa-4-3: 2b1b9ad6722e7008a97f09dc4a34019ad250cd4d
--
Jan Cholasta
More information about the Freeipa-devel
mailing list