Bug 1714247
| Summary: | ACI rule with ip=* denies IPv6 addresses | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Viktor Ashirov <vashirov> | ||||||
| Component: | 389-ds-base | Assignee: | mreynolds | ||||||
| Status: | CLOSED WONTFIX | QA Contact: | RHDS QE <ds-qe-bugs> | ||||||
| Severity: | unspecified | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 8.1 | CC: | lkrispen, mhonek, nkinder, rmeggins, spichugi, tbordaz, vashirov | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | 8.1 | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2019-05-30 06:43:18 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
|
Description
Viktor Ashirov
2019-05-27 13:43:40 UTC
Created attachment 1573929 [details]
ipv4
Created attachment 1573930 [details]
ipv6
The problem here is that the code has no idea that ip="*" is a IPv4 or IPv6 wildcard. It would require a major change to the code to get this to work. Is there a valid use case for ip="*"? If not I'd like to close this as won't fix. I can only think of denying a specific user to connect over network, but allowing over ldapi. But in this case the deny rule works. It's only 'allow IPv6 via ip=*' that fails. Let's close it as WONTFIX. I will submit a PR to upstream to adjust the test so it won't affect package gating. Thanks! |