1 |
On Thu, Apr 18, 2002 at 02:43:09PM +0300, thus spake Vitaly Kushneriuk: |
2 |
|
3 |
> Now that's silly. You say that system that uses NFS does not need a |
4 |
> firewall? Wow ;). |
5 |
|
6 |
NO!!!! You missed the point. I said that no firewall (itself) should use |
7 |
netmounted filesystems! |
8 |
|
9 |
> While iptables is a firewalling code it is not for a |
10 |
> "pure firewall" systems only. Pretty much every system should install at |
11 |
> least basic firewall, unless it's in a highly secure and trusted |
12 |
> environment with a good external firewall. And firewall should be |
13 |
> installed _before_ network comes up, so that there's no potential |
14 |
> opportunity window for an attack. That's why it should go to /sbin. |
15 |
> And this _is_ FHS compliant. |
16 |
|
17 |
Point about FHS compliance taken. I still don't think that the |
18 |
rationalization for the installdir move is valid, but that is another |
19 |
matter entirely and not relevant to anyone but me. This has really turned |
20 |
into more of an academic study as to why I am unable to modify the ebuild |
21 |
to relocate the installation directories more than anything else at this |
22 |
point. I didn't mean to irritate anybody, just wondered why it was so, and |
23 |
how I could change things more to my taste. Thanks for the replies. Is |
24 |
there any documentation that will explain the sandbox feature and how it |
25 |
is defined in my ebuild. I have done a very simple ebuild, and I still get |
26 |
sandbox violations. Where is the ${D} variable defined/set? Thanks again |
27 |
for any help/pointers. |
28 |
|
29 |
geoffrey |
30 |
-- |
31 |
+++++++++++++++++++++++++++++++++++ |
32 |
Santa Claus, |
33 |
the Tooth Fairy, |
34 |
Windows 2000 ... |
35 |
Some things you just outgrow. |
36 |
+++++++++++++++++++++++++++++++++++ |