[Freeipa-devel] [PATCH 0137] spec: add conflict with bind-chroot to freeipa-server-dns

Jan Cholasta jcholast at redhat.com
Fri Mar 11 06:24:22 UTC 2016


On 9.3.2016 11:14, Martin Babinsky wrote:
> On 03/07/2016 04:28 PM, Martin Kosek wrote:
>> On 03/07/2016 03:17 PM, Petr Spacek wrote:
>>> On 7.3.2016 13:27, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> On 7.3.2016 12:47, Martin Babinsky wrote:
>>>>> https://fedorahosted.org/freeipa/ticket/5696
>>>>
>>>> Shouldn't we rather fix IPA to work with bind running in chroot (which is
>>>> AFAIK considered good security practice)?
>>>
>>> I would not invest into it:
>>> http://www.freeipa.org/page/Howto/FreeIPA_with_integrated_BIND_inside_chroot#NOTE:_Chroot_should_not_be_considered_a_security_feature
>>>
>>
>> +1
>>
>> Martin
>>
>
> Then the patch should be sufficient, yes?

Yes, but I would prefer if the directive was visually separated from 
requires and had a comment (see how nss-pam-ldapd conflicts in 
freeipa-server is done).

-- 
Jan Cholasta



