The Shorewall 3.2 package (ebuild) for Gentoo has been showing a sandbox violation and it is reported here: http://bugs.gentoo.org/show_bug.cgi?id=140001 Natanael Copa has proposed a partial solution for Gentoo. However, I was wondering if the install.sh script could be altered upstream. This is only an enhancement request ;-). Not critical. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Vieri Di Paola wrote:> The Shorewall 3.2 package (ebuild) for Gentoo has been > showing a sandbox violation and it is reported here: > > http://bugs.gentoo.org/show_bug.cgi?id=140001 > > Natanael Copa has proposed a partial solution for > Gentoo. However, I was wondering if the install.sh > script could be altered upstream. > > This is only an enhancement request ;-). > Not critical. >Hi Vieri, I think it''s rather silly to force every Gentoo user to perform an extra step that a program can do. And the file being modified is NOT an existing file -- a new copy was just installed by the previous command! run_install $OWNERSHIP -m 0644 shorewall.conf \ ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf So I don''t understand what the problem is. Why should an installer not be free to modify the files that it is installing? Is it the dependency on perl that people object to? -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
--- Tom Eastep <teastep@shorewall.net> wrote:> Vieri Di Paola wrote: > > The Shorewall 3.2 package (ebuild) for Gentoo has > been > > showing a sandbox violation and it is reported > here: > > > > http://bugs.gentoo.org/show_bug.cgi?id=140001 > > > > Natanael Copa has proposed a partial solution for > > Gentoo. However, I was wondering if the install.sh > > script could be altered upstream. > > > > This is only an enhancement request ;-). > > Not critical. > > > > Hi Vieri, > > I think it''s rather silly to force every Gentoo user > to perform an extra step > that a program can do.I agree. What if the install script is modified this way (just adding ${PREFIX}...): under # Install the config file: qt mywhich perl && perl -p -w -i -e ''s|^CONFIG_PATH=.*|CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall|;'' ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf and under # Install the firewall script: qt mywhich perl && perl -p -w -i -e ''s/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;'' ${PREFIX}/etc/shorewall/shorewall.conf With these changes, sandbox doesn''t seem to complain. (will do further checks)> Is it the > dependency on perl that > people object to?no, not in this case at least. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Vieri Di Paola wrote:> > I agree. > What if the install script is modified this way (just > adding ${PREFIX}...): > under # Install the config file: > > qt mywhich perl && perl -p -w -i -e > ''s|^CONFIG_PATH=.*|CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall|;'' > ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf > > and under # Install the firewall script: > > qt mywhich perl && perl -p -w -i -e > ''s/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;'' > ${PREFIX}/etc/shorewall/shorewall.conf > > With these changes, sandbox doesn''t seem to complain. > (will do further checks) >Ah -- so it is just a bug in the Install script then. Thanks, -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
Tom Eastep wrote:> Vieri Di Paola wrote: >> I agree. >> What if the install script is modified this way (just >> adding ${PREFIX}...): >> under # Install the config file: >> >> qt mywhich perl && perl -p -w -i -e >> ''s|^CONFIG_PATH=.*|CONFIG_PATH=/usr/share/shorewall/configfiles:/usr/share/shorewall|;'' >> ${PREFIX}/usr/share/shorewall/configfiles/shorewall.conf >> >> and under # Install the firewall script: >> >> qt mywhich perl && perl -p -w -i -e >> ''s/^STARTUP_ENABLED=No/STARTUP_ENABLED=Yes/;s/^IP_FORWARDING=On/IP_FORWARDING=Keep/;s/^SUBSYSLOCK=.*/SUBSYSLOCK=/;'' >> ${PREFIX}/etc/shorewall/shorewall.conf >> >>Note that in the second case (under # Install the firewall script), the code is only executed if $PREFIX is empty. So that change looks superfluous. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
--- Tom Eastep <teastep@shorewall.net> wrote:> > Note that in the second case (under # Install the > firewall script), the code is > only executed if $PREFIX is empty. So that change > looks superfluous.ok, I see. __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
On Fri, 2006-08-11 at 08:29 -0700, Vieri Di Paola wrote:> --- Tom Eastep <teastep@shorewall.net> wrote: > > > > Note that in the second case (under # Install the > > firewall script), the code is > > only executed if $PREFIX is empty. So that change > > looks superfluous. > > ok, I see.The change is in SVN (branches/3.2/Shorewall). This bug also caused the /usr/share/shorewall/configfiles/shorewall.conf file in the RPMs to be incorrect. A corrected version of that file is available at: http://www1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.2/errata/Shorewall/configfiles/shorewall.conf. ftp://ftp1.shorewall.net/pub/shorewall/3.2/shorewall-3.2.2/errata/Shorewall/configfiles/shorewall.conf. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642