Firstyear
Firstyear
Still not a security issue but again - bad handling of a weird ui/ux use case. When alice goes to her profile->credential page, internally we treat this as though she...
@cuberoot74088 We have had issues when packaging sccache with opendal in other projects, so I want to avoid opendal here.
We are trying to be careful about pulling in more libraries. We already have so many in the project, and we are trying to be conservative in when we bring...
In theory that's fine. We have a cache yes, but after each transaction we flush/write it with sqlite underneath so provided that "sqlite implements its concurrency promises correctly" then it...
Then that should be fine. :)
I think that /var/run/kanidm-unixd should be created by systemd dynamicusers *before* the process starts. Can you paste the full content of `/lib/systemd/system/kanidm-unixd-tasks.service` for us to review?
> Here is `/lib/systemd/system/kanidm-unixd-tasks.service` from `kanidm-unixd 1.5.0-202502091034+d9f4dbd` Ahh, that's the issue. We have a fix for ordering this in 1.6.
So @wmlele is completely correct - kanidm-unixd doesn't work today under SELinux with leap 16. workaround - today you can make kanidm-unixd's domain permissive, while leaving the system in enforcing...
> [@Firstyear](https://github.com/Firstyear): thank you. I'll try and gather more information asap. Can you elaborate briefly on the "issues actually setting up leap 16 machines to even kanidm on"? We have...
I think the policy used in sle-16 is a fork of the refpolicy, I don't know how often they merge it in. I knew a few years back but I'd...