severity 927747 serious thanks
Le mar. 23 avr. 2019 à 23:12, Steinar H. Gunderson <se...@debian.org> a écrit : > > On Tue, Apr 23, 2019 at 10:24:54PM +0200, Mathieu Parent wrote: > > There are several issues here. Trying a summary. > > 1. We need to patch bind9 apparmor profile (this is the cloned bug) > > Yes. > > > 2. The /var/lib/samba/bind-dns directory is created on domain > > provision. Nothing to do here? > > It's not created on upgrade from stretch, though? You don't re-provision your > domain when upgrading Samba, yet upgrading should be allowed. > > > 2. bind9 conf "include" should be updated. As the conffile is not > > owned by samba all we can do is printing a message in samba preinst > > (if include "/usr/local/samba/private/named.conf" is found in > > /etc/named/named.conf or /etc/bind/named.conf.local) > > Yes. > > > 3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11) > > I _think_ samba_dnsupgradedns writes a new config fragment. > > > 4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when? > > I would assume in postinst (assuming we detect its use). > I've started to work on this but was unable to automate things. Will try again Downgrading the severity as the AppArmor side is already fixed it seems in sid. Regards -- Mathieu Parent
