On 07/01/2015 06:04, Paulo Ricardo Paz Vital wrote:
If you remove the firewall and SELinux commands from one distro, you have to do the same for all supported distros by Kimchi. Also, there is a solution to the issue of rules don't be persistent after a service restart or machine reboot.
Yeap! Ramon, please also check the kimchi.spec.suse.in and add instructions to setup the firewall correct there too. You can check README-federation that also contains firewall rules.
IMO, all these security code and tricks can be moved to a new plugin. If the user is interested to use the project security rules, he/she install the plugin.
We continue installing the firewalld config file. We are just removing the commands. As user may change the ports as they want I don't think a plugin will take a big difference here.
That's my 2 cents! Paulo Vital.
On Tue Jan 06 2015 at 8:42:46 PM Ramon Medeiros <ramonn@linux.vnet.ibm.com <mailto:ramonn@linux.vnet.ibm.com>> wrote:
On 01/06/2015 04:53 PM, Crístian Viana wrote: > On 06-01-2015 14:50, Ramon Medeiros wrote: >> + >> +Troubleshooting >> +--------------- > > IMO, this section shouldn't be named "Troubleshooting" because those > actions are required in order for Kimchi to work in a remote client. > It's not as if the user did something wrong and this section should > help them to fix it; this is a required extra step, in my view. > >> +Kimchi uses ports 8000, 8001 and 64667. If you are using firewalld, >> there is a easy way to add the rules: > *an* easy way > > Also, shouldn't this patch remove the firewall commands from > contrib/DEBIAN/* as well? The bug did not claimed for this issue on debian. I will check.
-- Ramon Nunes Medeiros Kimchi Developer Software Engineer - Linux Technology Center Brazil IBM Systems & Technology Group Phone : +55 19 2132 7878 ramonn@br.ibm.com <mailto:ramonn@br.ibm.com>
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org <mailto:Kimchi-devel@ovirt.org> http://lists.ovirt.org/mailman/listinfo/kimchi-devel
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel