On Thu, Sep 14, 2017 at 3:44 AM, Jakub Jelen <jjelen@xxxxxxxxxx> wrote: > On Wed, 2017-09-13 at 06:15 -0400, Neal Gompa wrote: >> So, I'm a comaintainer of a package that uses libwrap and such >> (stunnel), and I don't particularly want to lose the tcp_wrappers >> support in it, because I use stunnel in containers to set up secure >> tunnels across a number of systems. Unlike firewall rules (which >> apply >> globally to the host), the hosts.deny rules apply only within the >> container, which is the behavior I want. >> >> Also, your recommended alternative of using tcpd doesn't work if the >> package containing it is gone (tcp_wrappers). > > It is not yet decided if the package will go away altogether or just as > a dependency of other packages. I would rather go with the first > possibility, but the second is still here as a backup. > > At this point we are also in the process of investigating a replacement > in systemd, which should take care of such simple use cases as > containers with a single stunnel service. > > Regards, > -- > Jakub Jelen > Software Engineer > Security Technologies > Red Hat, Inc. > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx And... "let's replace something that is stable, long supported, and works across multiple platforms with an untested new systemd feature for which stable software will have to be rewritten and thus a fork maintained for Linux" has been a longstanding problem. There have been too many half-thought-out sytemd "enhancements" that break working software and use models. Unless there is something that is much *better* than tcp_wrappers for these well defined tasks, I'd urge simply leaving it alone. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
