On Fri, Sep 22, 2023 at 12:03:19PM -0000, Jay Smith via FreeIPA-users wrote:
> Thank you very much for your hint Ulf. That's working for me.
>
> docker run -it \
> -h ${MK_FREEIPA_SERVER_DOMAIN_NAME} \
> --name ipa \
> --sysctl net.ipv6.conf.all.disable_ipv6=0 \
> -v /tmp/freeipa-data/data:/data \
> -e "IPA_SERVER_HOSTNAME=${MK_FREEIPA_SERVER_DOMAIN_NAME}" \
> -e "IPA_SERVER_IP=${MK_FREEIPA_SERVER_IP}" \
> -e "DEBUG_TRACE=1" \
> -e "DEBUG_NO_EXIT=1" \
> --privileged=true \
Where did you find the guidance to use --privileged=true?
Is it actively harmful to the general security posture of the system
and should be avoided. It hasn't been needed for FreeIPA server
containers for ages.
> --ip "${MK_FREEIPA_SERVER_IP}" \
> --add-host "${MK_FREEIPA_SERVER_DOMAIN_NAME}:${MK_FREEIPA_SERVER_IP}" \
> -p "443:443" \
> freeipa/freeipa-server:fedora-38-4.10.2 \
> --skip-mem-check \
> --domain=${MK_INTERNAL_SUB_DOMAIN} \
> --realm=${MK_FREEIPA_SERVER_REALM} \
> --ds-password=${MK_FREEIPA_SERVER_DS_PASSWORD} \
> --ip-address=${MK_FREEIPA_SERVER_IP} \
> --admin-password=${MK_FREEIPA_SERVER_ADMIN_PASSWORD} \
> --no-host-dns \
> --unattended \
> --setup-dns \
> --allow-zone-overlap \
> --auto-reverse \
> --reverse-zone=${MK_FREEIPA_SERVER_DNS_REVERSE_ZONE} \
> --auto-forwarders \
> --no-ntp
--
Jan Pazdziora | OpenShift AI | Red Hat
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
