On Tue, Jul 31, 2012 at 09:49:45AM +0200, Jan Zelený wrote: > Dne pondělí 30 července 2012 19:04:50, Jakub Hrozek napsal(a): > > On Mon, Jul 30, 2012 at 09:34:43AM +0200, Jan Zelený wrote: > > > These three patches provide changes that reduce the amount of data > > > retrieved from IPA server in case this data is previously retrieved by > > > HBAC access provider. > > > > > > #168: modify hbac_get_cached_rules() so it can be used out of the HBAC > > > code > > > #169: use cache for HBAC rules > > > #170: use cache for host record > > > > Nack, the patches break HBAC-linked SELinux mappings completely. > > > > hbac_get_cached_rules() doesn't return originalDN, yet > > ipa_get_selinux_hbac_process depends on them. > > Thanks for catching this. As it turned out, I had disabled HBAC-linked rules > on my IPA server at some point, that's why I didn't catch this myself. > > > Code style issues are inline. > > All fixed, new patches attached. > > Thanks > Jan
Ack. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
