| 1 |
On Thu, Apr 18, 2002 at 02:43:09PM +0300, thus spake Vitaly Kushneriuk: |
| 2 |
|
| 3 |
> Now that's silly. You say that system that uses NFS does not need a |
| 4 |
> firewall? Wow ;). |
| 5 |
|
| 6 |
NO!!!! You missed the point. I said that no firewall (itself) should use |
| 7 |
netmounted filesystems! |
| 8 |
|
| 9 |
> While iptables is a firewalling code it is not for a |
| 10 |
> "pure firewall" systems only. Pretty much every system should install at |
| 11 |
> least basic firewall, unless it's in a highly secure and trusted |
| 12 |
> environment with a good external firewall. And firewall should be |
| 13 |
> installed _before_ network comes up, so that there's no potential |
| 14 |
> opportunity window for an attack. That's why it should go to /sbin. |
| 15 |
> And this _is_ FHS compliant. |
| 16 |
|
| 17 |
Point about FHS compliance taken. I still don't think that the |
| 18 |
rationalization for the installdir move is valid, but that is another |
| 19 |
matter entirely and not relevant to anyone but me. This has really turned |
| 20 |
into more of an academic study as to why I am unable to modify the ebuild |
| 21 |
to relocate the installation directories more than anything else at this |
| 22 |
point. I didn't mean to irritate anybody, just wondered why it was so, and |
| 23 |
how I could change things more to my taste. Thanks for the replies. Is |
| 24 |
there any documentation that will explain the sandbox feature and how it |
| 25 |
is defined in my ebuild. I have done a very simple ebuild, and I still get |
| 26 |
sandbox violations. Where is the ${D} variable defined/set? Thanks again |
| 27 |
for any help/pointers. |
| 28 |
|
| 29 |
geoffrey |
| 30 |
-- |
| 31 |
+++++++++++++++++++++++++++++++++++ |
| 32 |
Santa Claus, |
| 33 |
the Tooth Fairy, |
| 34 |
Windows 2000 ... |
| 35 |
Some things you just outgrow. |
| 36 |
+++++++++++++++++++++++++++++++++++ |
Archives