From the security perspective we've reviewed 389-ds version 1.4.0.18 in bug
http://bugzilla.suse.com/show_bug.cgi?id=1120189
http://bugzilla.suse.com/show_bug.cgi?id=1120189#c4
Matthias Gerstner changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mrueckert@suse.com
--- Comment #4 from Matthias Gerstner ---
It looks like the 389-ds package is not yet prepared to handle the capability
setting correctly. It also fails in the devel project for the same reason at
the moment.
There was no explicit request to backport this permission setting to SLE-15,
but I synced the permissions package in SLE-15-SP1 with Factory to avoid a
bunch of backports.
Correctly using the CAP_NET_BIND_SERVICE capability would be an improvement
for SLE-15-SP1, too. It shouldn't be too much effort to get it working. The
capability bit for ns-slapd is set anyways even in SLE-15:GA already, even if
it not actually used.
1111564. In SLE-15-SP1 we have version 1.4.03. 1.4.0.18 contains only
maintenance changes and it looks like no major changes in the area of the
initialization code are existing. Therefore it should be safe to apply the
capability bit there as well.
--
You are receiving this mail because:
You are on the CC list for the bug.