1 |
Thomas de Grenier de Latour wrote: |
2 |
> I think that protection against harmfull new config files should |
3 |
> be selective to be useful. It should only affect directories |
4 |
> from which files are blindly sourced by some services you are |
5 |
> already running. There, and only there¹, new config files are |
6 |
> unexpected change of your existing configuration, and thus lead |
7 |
> to unexpected behaviors. |
8 |
> [...] |
9 |
> The directories i'm thinking of are all this /etc/*.d/: "acpi.d", |
10 |
> "logrotate.d", "pam.d", etc. There, adding a new file is really |
11 |
> just like appending a new chunk to an existing config file. |
12 |
|
13 |
Indeed. But not only those, also the cron.*ly directories. The |
14 |
specific example I was thinking of is slocate, that isntalls a |
15 |
script into /etc/cron.daily, which I don't want there. |
16 |
|
17 |
> Implementation of a special anti-new-file-protection for this |
18 |
> critical directories could be done in at least two ways: |
19 |
> - a global NEW_CONFIG_PROTECT variable [...] |
20 |
> - an ebuild-specific variable, [...] |
21 |
|
22 |
Or via the config file of etc-update. Let the package manager |
23 |
always create ._cfg* files in the protected areas, and let the |
24 |
updater tool figure out from its configuration which files can be |
25 |
automerged and which to show diffs for. |
26 |
|
27 |
Benno |
28 |
-- |
29 |
gentoo-dev@g.o mailing list |