On Mon, Dec 16, 2019 at 11:33:28AM +0100, Dominik George wrote: > >> Why not just remove that line? > > > >The only line needed is: root/admin@INTERN * > >Intention is to fix the bug, but keep the change as minimal as > >possible. > Then it should be CIl in my opinion. Listing principals is the same as > getent passwd, so no additional leaks here. The i ACL allows tracking > other users' use of the network. It is thus part of the bug. IMO Cil is enough, but better safe than sorry. Just committed like proposed, thanks. Wolfgang
Attachment:
signature.asc
Description: PGP signature