On Tue, Jul 31, 2012 at 02:10:54PM +0200, Jakub Hrozek wrote: > On Tue, Jul 31, 2012 at 09:49:45AM +0200, Jan Zelený wrote: > > Dne pondělí 30 července 2012 19:04:50, Jakub Hrozek napsal(a): > > > On Mon, Jul 30, 2012 at 09:34:43AM +0200, Jan Zelený wrote: > > > > These three patches provide changes that reduce the amount of data > > > > retrieved from IPA server in case this data is previously retrieved by > > > > HBAC access provider. > > > > > > > > #168: modify hbac_get_cached_rules() so it can be used out of the HBAC > > > > code > > > > #169: use cache for HBAC rules > > > > #170: use cache for host record > > > > > > Nack, the patches break HBAC-linked SELinux mappings completely. > > > > > > hbac_get_cached_rules() doesn't return originalDN, yet > > > ipa_get_selinux_hbac_process depends on them. > > > > Thanks for catching this. As it turned out, I had disabled HBAC-linked > > rules > > on my IPA server at some point, that's why I didn't catch this myself. > > > > > Code style issues are inline. > > > > All fixed, new patches attached. > > > > Thanks > > Jan > > Ack.
Pushed to master. _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
