On 01/08/2015 05:19 PM, Aline Manera wrote:
On 07/01/2015 06:04, Paulo Ricardo Paz Vital wrote:
If you remove the firewall and SELinux commands from one distro, you have to do the same for all supported distros by Kimchi. Also, there is a solution to the issue of rules don't be persistent after a service restart or machine reboot.
Yeap!
Ramon, please also check the kimchi.spec.suse.in and add instructions to setup the firewall correct there too. You can check README-federation that also contains firewall rules.
we don't have any firewall change in suse spec. So, the changes will only happen on fedora and debian.
IMO, all these security code and tricks can be moved to a new plugin. If the user is interested to use the project security rules, he/she install the plugin.
We continue installing the firewalld config file. We are just removing the commands. As user may change the ports as they want I don't think a plugin will take a big difference here.
That's my 2 cents! Paulo Vital.
On Tue Jan 06 2015 at 8:42:46 PM Ramon Medeiros <ramonn@linux.vnet.ibm.com <mailto:ramonn@linux.vnet.ibm.com>> wrote:
On 01/06/2015 04:53 PM, CrÃstian Viana wrote: > On 06-01-2015 14:50, Ramon Medeiros wrote: >> + >> +Troubleshooting >> +--------------- > > IMO, this section shouldn't be named "Troubleshooting" because those > actions are required in order for Kimchi to work in a remote client. > It's not as if the user did something wrong and this section should > help them to fix it; this is a required extra step, in my view. > >> +Kimchi uses ports 8000, 8001 and 64667. If you are using firewalld, >> there is a easy way to add the rules: > *an* easy way > > Also, shouldn't this patch remove the firewall commands from > contrib/DEBIAN/* as well? The bug did not claimed for this issue on debian. I will check.
-- Ramon Nunes Medeiros Kimchi Developer Software Engineer - Linux Technology Center Brazil IBM Systems & Technology Group Phone : +55 19 2132 7878 ramonn@br.ibm.com <mailto:ramonn@br.ibm.com>
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org <mailto:Kimchi-devel@ovirt.org> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
-- Ramon Nunes Medeiros Kimchi Developer Software Engineer - Linux Technology Center Brazil IBM Systems & Technology Group Phone : +55 19 2132 7878 ramonn@br.ibm.com