Bug#747073: [cups-daemon] ListenStream=[::1]:631 makes socket fail if ipv6 module is not loaded
Didier 'OdyX' Raboud
odyx at debian.org
Tue Oct 21 21:50:37 BST 2014
Hi again all,
Le jeudi, 2 octobre 2014, 18.31:20 Didier 'OdyX' Raboud a écrit :
> I've gone further in my investigations and therefore filed these two
> bugs:
I've got answers on these two bugs:
https://bugs.freedesktop.org/show_bug.cgi?id=84604
Lennart Poettering saying:
> So, systemd currently doesn't support this scheme nicely. We should
> however.
> (…)
> Now, there's one problem with this: the latter line will cause the
> .socket unit to fail on kernels where ipv6 is not compiled in. The
> question now is what to do about this.
https://www.cups.org/str.php?L4491
Mike Sweet saying:
> OK, systemd's IPv4 over v6 address is NOT OK. v4-over-v6 is widely
> seen as a major security problem, which is why CUPS doesn't support it
> transparently.
> (…)
> The latest changes for STR #4497 no longer use systemd to make the
> localhost listeners, so this won't be an issue anymore...
The answers combined on both bugs lead me to the conclusion that the
socket-activation of CUPS on its INET ports is too premature in absence
of the hypothetical new "failure to listen on a port is non-fatal"
systemd feature, which is unlikely in Jessie.
I will proceed with dropping the "systemd socket activation by-default"
feature in Debian's CUPS in the next days, depending on the actual
testing migration. I'm not overly happy with this, but I think this is
the best way for a rock-solid CUPS in Jessie.
Cheers,
OdyX
More information about the Pkg-systemd-maintainers
mailing list