On Fri, Sep 22, 2023 at 12:03:19PM -0000, Jay Smith via FreeIPA-users wrote:
> Thank you very much for your hint Ulf. That's working for me.
>
> docker run -it \
>     -h ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
>     --name ipa \
>     --sysctl net.ipv6.conf.all.disable_ipv6=0 \
>     -v /tmp/freeipa-data/data:/data \
>     -e "IPA_SERVER_HOSTNAME=${MK_FREEIPA_SERVER_DOMAIN_NAME}" \
>     -e "IPA_SERVER_IP=${MK_FREEIPA_SERVER_IP}" \
>     -e "DEBUG_TRACE=1" \
>     -e "DEBUG_NO_EXIT=1" \
>     --privileged=true \

Where did you find the guidance to use --privileged=true? It is actively
harmful to the general security posture of the system and should be avoided.
It hasn't been needed for FreeIPA server containers for ages.

>     --ip "${MK_FREEIPA_SERVER_IP}" \
>     --add-host "${MK_FREEIPA_SERVER_DOMAIN_NAME}:${MK_FREEIPA_SERVER_IP}" \
>     -p "443:443" \
>     freeipa/freeipa-server:fedora-38-4.10.2 \
>     --skip-mem-check \
>     --domain=${MK_INTERNAL_SUB_DOMAIN} \
>     --realm=${MK_FREEIPA_SERVER_REALM} \
>     --ds-password=${MK_FREEIPA_SERVER_DS_PASSWORD} \
>     --ip-address=${MK_FREEIPA_SERVER_IP} \
>     --admin-password=${MK_FREEIPA_SERVER_ADMIN_PASSWORD} \
>     --no-host-dns \
>     --unattended \
>     --setup-dns \
>     --allow-zone-overlap \
>     --auto-reverse \
>     --reverse-zone=${MK_FREEIPA_SERVER_DNS_REVERSE_ZONE} \
>     --auto-forwarders \
>     --no-ntp

--
Jan Pazdziora | OpenShift AI | Red Hat
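
One way to check whether containers already on a host were started with --privileged, as an added example that is not part of the original message or of the FreeIPA project: it reads `docker inspect` JSON and, going beyond the single flag discussed above, also reports broad added capabilities and unconfined security profiles. The container names and the sample JSON are constructed, and the set of capabilities treated as broad is an assumption of this example.

```python
import json
import sys

# Assumption of this example: capabilities treated as "nearly privileged".
BROAD_CAPS = {"ALL", "SYS_ADMIN"}

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/ipa", "HostConfig": {"Privileged": True, "CapAdd": None,
                                    "SecurityOpt": None}},
    {"Name": "/web", "HostConfig": {"Privileged": False,
                                    "CapAdd": ["CAP_SYS_ADMIN"],
                                    "SecurityOpt": ["seccomp=unconfined"]}},
    {"Name": "/db", "HostConfig": {"Privileged": False, "CapAdd": None,
                                   "SecurityOpt": None}},
])


def audit(inspect_json):
    """Return {container_name: [findings]} for containers with weak isolation."""
    findings = {}
    for container in json.loads(inspect_json):
        host_config = container.get("HostConfig") or {}
        issues = []
        if host_config.get("Privileged"):
            issues.append("privileged")
        # CapAdd may be null; names appear with or without the CAP_ prefix.
        for cap in host_config.get("CapAdd") or []:
            name = cap.upper()
            if name.startswith("CAP_"):
                name = name[4:]
            if name in BROAD_CAPS:
                issues.append("cap_add=" + name)
        # e.g. seccomp=unconfined, apparmor=unconfined
        for opt in host_config.get("SecurityOpt") or []:
            if opt.endswith("unconfined"):
                issues.append("security_opt=" + opt)
        if issues:
            findings[container.get("Name", "?").lstrip("/")] = issues
    return findings


if __name__ == "__main__":
    # Pipe real data in:  docker inspect $(docker ps -q) | python3 audit.py
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, issues in sorted(audit(data).items()):
        print(name + ": " + ", ".join(issues))
```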