[Pkg-samba-maint] Bug#927747: Bug#927747: bind9_dlz backend is entirely broken in Debian
math.parent at gmail.com
Wed May 8 21:02:46 BST 2019
severity 927747 serious
Le mar. 23 avr. 2019 à 23:12, Steinar H. Gunderson <sesse at debian.org> a écrit :
> On Tue, Apr 23, 2019 at 10:24:54PM +0200, Mathieu Parent wrote:
> > There are several issues here. Trying a summary.
> > 1. We need to patch bind9 apparmor profile (this is the cloned bug)
> > 2. The /var/lib/samba/bind-dns directory is created on domain
> > provision. Nothing to do here?
> It's not created on upgrade from stretch, though? You don't re-provision your
> domain when upgrading Samba, yet upgrading should be allowed.
> > 2. bind9 conf "include" should be updated. As the conffile is not
> > owned by samba all we can do is printing a message in samba preinst
> > (if include "/usr/local/samba/private/named.conf" is found in
> > /etc/named/named.conf or /etc/bind/named.conf.local)
> > 3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11)
> I _think_ samba_dnsupgradedns writes a new config fragment.
> > 4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when?
> I would assume in postinst (assuming we detect its use).
I've started to work on this but was unable to automate things. Will try again
Downgrading the severity as the AppArmor side is already fixed it seems in sid.
More information about the Pkg-samba-maint