1 |
monkey wrote: |
2 |
> ... how can I get something installed in /usr/sbin? This will probably |
3 |
> open up a can of worms, but here I go. I want to change the ebuild for |
4 |
> iptables-1.2.6a to install with the prefix "/usr". Why, well I feel that |
5 |
> it is more FHS-compliant since the reasoning in the ebuild states that |
6 |
> things were moved back to /sbin and /lib to help people with netmounted |
7 |
> /usr systems get things working properly. I take exception to that on two |
8 |
> points: one, iptables is firewalling code and nothing more, and two, no |
9 |
> firewall should have netmounted systems. The FHS recommends keeping / as |
10 |
> free of things as possible. Only applications needed to repair filesystems |
11 |
> and get simple communication going are recommended for install in /. Since |
12 |
> no firewall should have any netmounted filesystems, I don't see the |
13 |
> validity in the argument for moving everything into /sbin and /lib. |
14 |
> However, changing the ebuild to fix this results in a "sandbox violation" |
15 |
> and the emerge fails. So, how can I bypass the sandbox for my iptables |
16 |
> install? This is not a swipe at the maintainer, I just have a different |
17 |
> opinion of where I want my userspace firewall code to live. Thanks for any |
18 |
> pointers. |
19 |
|
20 |
I don't understand. Why can't you just change whatever it is in the |
21 |
iptables ebuild that specifies prefix=/ to prefix=/usr ? (this may require |
22 |
changing more than just the ./configure stuff). You didn't say exactly |
23 |
what you are trying to do to effect this, but it must be wrong. You will |
24 |
only get sandbox violations if you try to install stuff outside the sandbox |
25 |
before the merge stage, and that is always wrong (unless you have a darn |
26 |
good reason). Remember that first the iptables stuff will be installed to |
27 |
${D}/usr/sbin and ${D}/usr/lib, and then will be merged into the real file |
28 |
system. |
29 |
|
30 |
Chad (chadh@g.o) |