On Thu, Sep 14, 2017 at 3:44 AM, Jakub Jelen <[email protected]> wrote: > On Wed, 2017-09-13 at 06:15 -0400, Neal Gompa wrote:
>> So, I'm a comaintainer of a package that uses libwrap and such >> (stunnel), and I don't particularly want to lose the tcp_wrappers >> support in it, because I use stunnel in containers to set up secure >> tunnels across a number of systems. Unlike firewall rules (which >> apply >> globally to the host), the hosts.deny rules apply only within the >> container, which is the behavior I want. >> >> Also, your recommended alternative of using tcpd doesn't work if the >> package containing it is gone (tcp_wrappers). > > It is not yet decided if the package will go away altogether or just as > a dependency of other packages. I would rather go with the first > possibility, but the second is still here as a backup. > > At this point we are also in the process of investigating a replacement > in systemd, which should take care of such simple use cases as > containers with a single stunnel service. > > Regards, > -- > Jakub Jelen > Software Engineer > Security Technologies > Red Hat, Inc. > _______________________________________________ > devel mailing list -- [email protected] > To unsubscribe send an email to [email protected] And... "let's replace something that is stable, long supported, and works across multiple platforms with an untested new systemd feature for which stable software will have to be rewritten and thus a fork maintained for Linux" has been a longstanding problem. There have been too many half-thought-out sytemd "enhancements" that break working software and use models. Unless there is something that is much *better* than tcp_wrappers for these well defined tasks, I'd urge simply leaving it alone. _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
