Bug 1518785
Summary: | [F28 change] sslh should not require tcp_wrappers | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jakub Jelen <jjelen> |
Component: | sslh | Assignee: | James Hogarth <james.hogarth> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | james.hogarth |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-12-01 10:56:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1495181, 1596070 |
Description
Jakub Jelen
2017-11-29 14:59:15 UTC
Thanks for the report, I'll adjust it tonight and carry out a fresh build in rawhide. On a sidenote your change page has an example which does not follow best practice. If you copy over the whole service file from /usr/lib/systemd/system to /etc/systemd/system then any bug fixes or new features added to the service file (security etc) will not be picked up. The proper way is to do a systemd override ... in the case of your example just /etc/systemd/system/sshd@.service.d/tcp_override.conf To override a ExecStart you need to do two lines: ExecStart= ExecStart=@-/usr/sbin/tcpd /usr/sbin/sshd -i $OPTIONS $CRYPTO_POLICY The reason for this is that a single ExecStart will just be executed as if there were multiple lines, but doing the blank one first "resets" the behaviour. |