6:03 a.m.
On 01/08/2015 05:19 PM, Aline Manera wrote:
On 07/01/2015 06:04, Paulo Ricardo Paz Vital wrote:
> If you remove the firewall and SELinux commands from one distro, you
> have to do the same for all supported distros by Kimchi. Also, there
> is a solution to the issue of rules don't be persistent after a
> service restart or machine reboot.
Yeap!
Ramon, please also check the kimchi.spec.suse.in and add instructions
to setup the firewall correct there too.
You can check README-federation that also contains firewall rules.
we don't
have any firewall change in suse spec. So, the changes will
only happen on fedora and debian.
>
> IMO, all these security code and tricks can be moved to a new plugin.
> If the user is interested to use the project security rules, he/she
> install the plugin.
We continue installing the firewalld config file. We are just removing
the commands.
As user may change the ports as they want I don't think a plugin will
take a big difference here.
>
> That's my 2 cents!
> Paulo Vital.
>
> On Tue Jan 06 2015 at 8:42:46 PM Ramon Medeiros
> <ramonn(a)linux.vnet.ibm.com <mailto:ramonn@linux.vnet.ibm.com>> wrote:
>
> On 01/06/2015 04:53 PM, CrÃstian Viana wrote:
> > On 06-01-2015 14:50, Ramon Medeiros wrote:
> >> +
> >> +Troubleshooting
> >> +---------------
> >
> > IMO, this section shouldn't be named "Troubleshooting"
because
> those
> > actions are required in order for Kimchi to work in a remote
> client.
> > It's not as if the user did something wrong and this section should
> > help them to fix it; this is a required extra step, in my view.
> >
> >> +Kimchi uses ports 8000, 8001 and 64667. If you are using
> firewalld,
> >> there is a easy way to add the rules:
> > *an* easy way
> >
> > Also, shouldn't this patch remove the firewall commands from
> > contrib/DEBIAN/* as well?
> The bug did not claimed for this issue on debian. I will check.
>
> --
> Ramon Nunes Medeiros
> Kimchi Developer
> Software Engineer - Linux Technology Center Brazil
> IBM Systems & Technology Group
> Phone : +55 19 2132 7878
> ramonn(a)br.ibm.com <mailto:ramonn@br.ibm.com>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel(a)ovirt.org <mailto:Kimchi-devel@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
>
>
>
> _______________________________________________
> Kimchi-devel mailing list
> Kimchi-devel(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
--
Ramon Nunes Medeiros
Kimchi Developer
Software Engineer - Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn(a)br.ibm.com