[Pkg-samba-maint] Bug#927747: Bug#927747: bind9_dlz backend is entirely broken in Debian
Mathieu Parent
math.parent at gmail.com
Wed May 8 21:02:46 BST 2019
severity 927747 serious
thanks
Le mar. 23 avr. 2019 à 23:12, Steinar H. Gunderson <sesse at debian.org> a écrit :
>
> On Tue, Apr 23, 2019 at 10:24:54PM +0200, Mathieu Parent wrote:
> > There are several issues here. Trying a summary.
> > 1. We need to patch bind9 apparmor profile (this is the cloned bug)
>
> Yes.
>
> > 2. The /var/lib/samba/bind-dns directory is created on domain
> > provision. Nothing to do here?
>
> It's not created on upgrade from stretch, though? You don't re-provision your
> domain when upgrading Samba, yet upgrading should be allowed.
>
> > 2. bind9 conf "include" should be updated. As the conffile is not
> > owned by samba all we can do is printing a message in samba preinst
> > (if include "/usr/local/samba/private/named.conf" is found in
> > /etc/named/named.conf or /etc/bind/named.conf.local)
>
> Yes.
>
> > 3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11)
>
> I _think_ samba_dnsupgradedns writes a new config fragment.
>
> > 4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when?
>
> I would assume in postinst (assuming we detect its use).
>
I've started to work on this but was unable to automate things. Will try again
Downgrading the severity as the AppArmor side is already fixed it seems in sid.
Regards
--
Mathieu Parent
More information about the Pkg-samba-maint
mailing list