1 |
If you want to overide sandbox you can do it one of two ways: |
2 |
|
3 |
1) Overide it in portage by editing your /etc/make.conf file and adding |
4 |
a line of FEATURES="" at the bottom. |
5 |
|
6 |
2) Overide it for this package/path. Edit your version of the iptables |
7 |
ebuild with a statement of addwrite "/usr/sbin" |
8 |
|
9 |
BUT, installing something in a different location other than /usr should |
10 |
not spark a sandbox error. Sandbox is only concerned with a compilation |
11 |
writing things outside the temporary image area. |
12 |
|
13 |
You have to understand that when you ebuild is built it goes through |
14 |
these main steps: (there's technically more, but these are the most |
15 |
important) |
16 |
|
17 |
unpack - tarballs are unpacked into /var/tmp/portage/ebuild_name/work |
18 |
compile - ./configure and make are run -- this is where sandbox is most |
19 |
important and should not find an error |
20 |
install - make install is run with paths to install to |
21 |
/var/tmp/portage/ebuild_name/image |
22 |
merge - files from /var/tmp/portage/ebuild_name/image are "merged" with |
23 |
/ (or whatever $ROOT is set to) |
24 |
|
25 |
So, to answer your question ${D} is /var/tmp/portage/ebuild_name/image/ |
26 |
|
27 |
-Jared H. |
28 |
|
29 |
monkey wrote: |
30 |
> On Thu, Apr 18, 2002 at 02:43:09PM +0300, thus spake Vitaly Kushneriuk: |
31 |
> |
32 |
> |
33 |
>>Now that's silly. You say that system that uses NFS does not need a |
34 |
>>firewall? Wow ;). |
35 |
> |
36 |
> |
37 |
> NO!!!! You missed the point. I said that no firewall (itself) should use |
38 |
> netmounted filesystems! |
39 |
> |
40 |
> |
41 |
>>While iptables is a firewalling code it is not for a |
42 |
>>"pure firewall" systems only. Pretty much every system should install at |
43 |
>>least basic firewall, unless it's in a highly secure and trusted |
44 |
>>environment with a good external firewall. And firewall should be |
45 |
>>installed _before_ network comes up, so that there's no potential |
46 |
>>opportunity window for an attack. That's why it should go to /sbin. |
47 |
>>And this _is_ FHS compliant. |
48 |
> |
49 |
> |
50 |
> Point about FHS compliance taken. I still don't think that the |
51 |
> rationalization for the installdir move is valid, but that is another |
52 |
> matter entirely and not relevant to anyone but me. This has really turned |
53 |
> into more of an academic study as to why I am unable to modify the ebuild |
54 |
> to relocate the installation directories more than anything else at this |
55 |
> point. I didn't mean to irritate anybody, just wondered why it was so, and |
56 |
> how I could change things more to my taste. Thanks for the replies. Is |
57 |
> there any documentation that will explain the sandbox feature and how it |
58 |
> is defined in my ebuild. I have done a very simple ebuild, and I still get |
59 |
> sandbox violations. Where is the ${D} variable defined/set? Thanks again |
60 |
> for any help/pointers. |
61 |
> |
62 |
> geoffrey |