| 1 |
If you want to overide sandbox you can do it one of two ways: |
| 2 |
|
| 3 |
1) Overide it in portage by editing your /etc/make.conf file and adding |
| 4 |
a line of FEATURES="" at the bottom. |
| 5 |
|
| 6 |
2) Overide it for this package/path. Edit your version of the iptables |
| 7 |
ebuild with a statement of addwrite "/usr/sbin" |
| 8 |
|
| 9 |
BUT, installing something in a different location other than /usr should |
| 10 |
not spark a sandbox error. Sandbox is only concerned with a compilation |
| 11 |
writing things outside the temporary image area. |
| 12 |
|
| 13 |
You have to understand that when you ebuild is built it goes through |
| 14 |
these main steps: (there's technically more, but these are the most |
| 15 |
important) |
| 16 |
|
| 17 |
unpack - tarballs are unpacked into /var/tmp/portage/ebuild_name/work |
| 18 |
compile - ./configure and make are run -- this is where sandbox is most |
| 19 |
important and should not find an error |
| 20 |
install - make install is run with paths to install to |
| 21 |
/var/tmp/portage/ebuild_name/image |
| 22 |
merge - files from /var/tmp/portage/ebuild_name/image are "merged" with |
| 23 |
/ (or whatever $ROOT is set to) |
| 24 |
|
| 25 |
So, to answer your question ${D} is /var/tmp/portage/ebuild_name/image/ |
| 26 |
|
| 27 |
-Jared H. |
| 28 |
|
| 29 |
monkey wrote: |
| 30 |
> On Thu, Apr 18, 2002 at 02:43:09PM +0300, thus spake Vitaly Kushneriuk: |
| 31 |
> |
| 32 |
> |
| 33 |
>>Now that's silly. You say that system that uses NFS does not need a |
| 34 |
>>firewall? Wow ;). |
| 35 |
> |
| 36 |
> |
| 37 |
> NO!!!! You missed the point. I said that no firewall (itself) should use |
| 38 |
> netmounted filesystems! |
| 39 |
> |
| 40 |
> |
| 41 |
>>While iptables is a firewalling code it is not for a |
| 42 |
>>"pure firewall" systems only. Pretty much every system should install at |
| 43 |
>>least basic firewall, unless it's in a highly secure and trusted |
| 44 |
>>environment with a good external firewall. And firewall should be |
| 45 |
>>installed _before_ network comes up, so that there's no potential |
| 46 |
>>opportunity window for an attack. That's why it should go to /sbin. |
| 47 |
>>And this _is_ FHS compliant. |
| 48 |
> |
| 49 |
> |
| 50 |
> Point about FHS compliance taken. I still don't think that the |
| 51 |
> rationalization for the installdir move is valid, but that is another |
| 52 |
> matter entirely and not relevant to anyone but me. This has really turned |
| 53 |
> into more of an academic study as to why I am unable to modify the ebuild |
| 54 |
> to relocate the installation directories more than anything else at this |
| 55 |
> point. I didn't mean to irritate anybody, just wondered why it was so, and |
| 56 |
> how I could change things more to my taste. Thanks for the replies. Is |
| 57 |
> there any documentation that will explain the sandbox feature and how it |
| 58 |
> is defined in my ebuild. I have done a very simple ebuild, and I still get |
| 59 |
> sandbox violations. Where is the ${D} variable defined/set? Thanks again |
| 60 |
> for any help/pointers. |
| 61 |
> |
| 62 |
> geoffrey |
Archives