On 9.3.2016 11:14, Martin Babinsky wrote:
On 03/07/2016 04:28 PM, Martin Kosek wrote:
On 03/07/2016 03:17 PM, Petr Spacek wrote:
On 7.3.2016 13:27, Jan Cholasta wrote:
Hi,

On 7.3.2016 12:47, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/5696

Shouldn't we rather fix IPA to work with bind running in chroot
(which is
AFAIK considered good security practice)?

I would not invest into it:
http://www.freeipa.org/page/Howto/FreeIPA_with_integrated_BIND_inside_chroot#NOTE:_Chroot_should_not_be_considered_a_security_feature


+1

Martin


Then the patch should be sufficient, yes?

Yes, but I would prefer if the directive was visually separated from requires and had a comment (see how nss-pam-ldapd conflicts in freeipa-server is done).

--
Jan Cholasta

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to