On Thu, Apr 18, 2002 at 02:43:09PM +0300, thus spake Vitaly Kushneriuk:

> Now that's silly. You say that system that uses NFS does not need a
> firewall? Wow ;). 

NO!!!! You missed the point. I said that no firewall (itself) should use
netmounted filesystems!

> While iptables is a firewalling code it is not for a
> "pure firewall" systems only. Pretty much every system should install at
> least basic firewall, unless it's in a highly secure and trusted
> environment with a good external firewall. And firewall should be
> installed _before_ network comes up, so that there's no potential
> opportunity window for an attack. That's why it should go to /sbin.
> And this _is_ FHS compliant.

Point about FHS compliance taken. I still don't think that the
rationalization for the installdir move is valid, but that is another
matter entirely and not relevant to anyone but me. This has really turned
into more of an academic study as to why I am unable to modify the ebuild
to relocate the installation directories more than anything else at this
point. I didn't mean to irritate anybody, just wondered why it was so, and
how I could change things more to my taste. Thanks for the replies. Is
there any documentation that will explain the sandbox feature and how it
is defined in my ebuild. I have done a very simple ebuild, and I still get
sandbox violations. Where is the ${D} variable defined/set? Thanks again 
for any help/pointers.

geoffrey
-- 
+++++++++++++++++++++++++++++++++++
Santa Claus,
the Tooth Fairy,
Windows 2000 ...
Some things you just outgrow.
+++++++++++++++++++++++++++++++++++