| 1 |
On December 4, 2014 10:31:30 AM PST, Andrew Savchenko <bircoph@g.o> wrote: |
| 2 |
>As for later loop detector, it may break need dependency. Current |
| 3 |
>need dependency for iptables is fsck <- localmount <- iptables, so |
| 4 |
>it is still unlikely that your daemon will be caught in such |
| 5 |
>need-only loop. Though on author's request later loop solver is out |
| 6 |
>of scope of this discussion now... |
| 7 |
|
| 8 |
I was indeed talking about the late loop detector, not the early loop detector. I agree that the dependencies for iptables are pretty simple right now; I was more pointing out that even if the user modifies them to be complicated enough to have a loop, it would be preferable to fail secure (start nothing) rather than open (omit iptables). |
| 9 |
|
| 10 |
As the late loop detector is no longer under consideration, however, I retract my question. |
| 11 |
|
| 12 |
-- |
| 13 |
Christopher Head |
Archives