| 1 |
Thomas de Grenier de Latour wrote: |
| 2 |
> I think that protection against harmfull new config files should |
| 3 |
> be selective to be useful. It should only affect directories |
| 4 |
> from which files are blindly sourced by some services you are |
| 5 |
> already running. There, and only there¹, new config files are |
| 6 |
> unexpected change of your existing configuration, and thus lead |
| 7 |
> to unexpected behaviors. |
| 8 |
> [...] |
| 9 |
> The directories i'm thinking of are all this /etc/*.d/: "acpi.d", |
| 10 |
> "logrotate.d", "pam.d", etc. There, adding a new file is really |
| 11 |
> just like appending a new chunk to an existing config file. |
| 12 |
|
| 13 |
Indeed. But not only those, also the cron.*ly directories. The |
| 14 |
specific example I was thinking of is slocate, that isntalls a |
| 15 |
script into /etc/cron.daily, which I don't want there. |
| 16 |
|
| 17 |
> Implementation of a special anti-new-file-protection for this |
| 18 |
> critical directories could be done in at least two ways: |
| 19 |
> - a global NEW_CONFIG_PROTECT variable [...] |
| 20 |
> - an ebuild-specific variable, [...] |
| 21 |
|
| 22 |
Or via the config file of etc-update. Let the package manager |
| 23 |
always create ._cfg* files in the protected areas, and let the |
| 24 |
updater tool figure out from its configuration which files can be |
| 25 |
automerged and which to show diffs for. |
| 26 |
|
| 27 |
Benno |
| 28 |
-- |
| 29 |
gentoo-dev@g.o mailing list |
Archives