[13:51] <roaksoax> Daviey: howdy! So I was wondering if something about the backporting/SRU'ing of MAAS has been discussed yet?
[14:42] <Daviey> roaksoax: no, still a little early
[15:09] <roaksoax> Daviey: right, but my point being is that we are introducing dependencies that are not even in precise's archive
[15:09] <roaksoax> Daviey: so was just wondering if a plan was drafted to deal with that
[15:09] <roaksoax> we can't simply be shipping more stuff with MAAS source
[15:10] <roaksoax> IMHO
[15:55] <allenap> Daviey: In the fullness of time, is the plan to do ephemeral (via iSCSI) boot, and allow ubiquity to install from that?
[15:59] <rvba> Daviey: looks like the default apparmor profile will prevent named to read the files in /var/cache/maas/bind don't you think?  I was trying to run a stupid (read with minimal configuration) dns server on a non standard port as a non-privileged
[15:59] <rvba> user and then I realized apparmor won't allow that.
[16:00] <rvba> Daviey: do you have any idea how to circumvent that problem?
[16:00] <Daviey> allenap: we won't be using ubiquity this cycle
[16:01] <allenap> Daviey: For 13.04 perhaps?
[16:01] <Daviey> rvba: just use the bind location for now..
[16:01] <Daviey> allenap: right
[16:01] <allenap> Ta.
[16:02] <rvba> Daviey: that means we can't run a stupid bind instance as part of the dev environment, or even in a fixture :(.
[16:02] <Daviey> arse
[16:03] <Daviey> rvba: join #ubuntu-hardened
[16:03] <rvba> We can live with it, but it reduce our ability to test things.
[16:03] <rvba> reduces*
[16:07] <allenap> Daviey, rvba: Does the apparmor profile apply if running bind as a different user? (/me has never used apparmor).
[16:08] <rvba> allenap: definitely does.
[16:08] <rvba> allenap: the profile is linked to the executable.
[16:08] <allenap> Grumble.
[16:22] <allenap> rvba: It'll allow any file under /etc/bind and /var/cache/bind, so perhaps use /var/cache/bind/maas instead of /var/cache/maas/bind?
[16:31] <rvba> allenap: Daviey says maybe we can have a named.d directory. But in the mean time, you're right, we will use /var/cache/bind/maas I think.