Bug 1518789
Summary: | [F28 change] stunnel should not require tcp_wrappers | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jakub Jelen <jjelen> |
Component: | stunnel | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | avagarwa, ngompa13, tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | stunnel-5.44-1.fc28 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-01-11 17:30:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1495181, 1596070 |
Description
Jakub Jelen
2017-11-29 14:59:51 UTC
I don't think it's a good idea to remove this, as your proposed solution doesn't address what to do when stunnel is used in containers (as I do). But the Fedora change was accepted by FESCo already. BTW, the tcp_wrappers support is constant source of problems at least on the stunnel versions present in RHEL 6 and 7. It might be fixed in the current Fedora versions however it also might be possible that the stunnel is not used so heavily for these problems to appear on Fedora. Neal, tcpd should work also in containers, isn't it? As already said, FESCo already approved this change. But if the package will be removed completely or not is not set in the stone. If you would consider it as an option, I am fine with leaving the package in Fedora without devel subpackage. If it's really a constant source of problems, I guess it's okay to remove... Does anyone have any documented migration strategies? Several options are outlined in the change page linked in the bug description, either with tcpd (you can take the burden of the constant problems on yourself) or with systemd. There are other options specific to every application, though I can not find any specific for stunnel. Probably idea for feature request? The libwrap is not enabled by default since 5.0, according to documentation so having alternative to limit access in there would make sense to me. |