From: "Chad M. Huneycutt" <chad.huneycutt@acm.org>
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] Overriding the sandbox, or ...
Date: Wed, 17 Apr 2002 18:09:38 -0400 [thread overview]
Message-ID: <3CBDF2A2.5040904@acm.org> (raw)
In-Reply-To: 20020417164403.A31405@watt-project.org
monkey wrote:
> ... how can I get something installed in /usr/sbin? This will probably
> open up a can of worms, but here I go. I want to change the ebuild for
> iptables-1.2.6a to install with the prefix "/usr". Why, well I feel that
> it is more FHS-compliant since the reasoning in the ebuild states that
> things were moved back to /sbin and /lib to help people with netmounted
> /usr systems get things working properly. I take exception to that on two
> points: one, iptables is firewalling code and nothing more, and two, no
> firewall should have netmounted systems. The FHS recommends keeping / as
> free of things as possible. Only applications needed to repair filesystems
> and get simple communication going are recommended for install in /. Since
> no firewall should have any netmounted filesystems, I don't see the
> validity in the argument for moving everything into /sbin and /lib.
> However, changing the ebuild to fix this results in a "sandbox violation"
> and the emerge fails. So, how can I bypass the sandbox for my iptables
> install? This is not a swipe at the maintainer, I just have a different
> opinion of where I want my userspace firewall code to live. Thanks for any
> pointers.
I don't understand. Why can't you just change whatever it is in the
iptables ebuild that specifies prefix=/ to prefix=/usr ? (this may require
changing more than just the ./configure stuff). You didn't say exactly
what you are trying to do to effect this, but it must be wrong. You will
only get sandbox violations if you try to install stuff outside the sandbox
before the merge stage, and that is always wrong (unless you have a darn
good reason). Remember that first the iptables stuff will be installed to
${D}/usr/sbin and ${D}/usr/lib, and then will be merged into the real file
system.
Chad (chadh@gentoo.org)
next prev parent reply other threads:[~2002-04-17 22:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-04-17 21:44 [gentoo-dev] Overriding the sandbox, or monkey
2002-04-17 22:09 ` Chad M. Huneycutt [this message]
2002-04-17 22:33 ` monkey
2002-04-18 11:43 ` Vitaly Kushneriuk
2002-04-18 18:36 ` monkey
2002-04-18 19:11 ` Jared H. Hudson
2002-04-18 19:21 ` monkey
2002-04-18 19:32 ` Jared H. Hudson
2002-04-18 20:58 ` Tod M. Neidt
2002-04-19 5:29 ` Matthew Kennedy
2002-04-20 17:53 ` monkey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3CBDF2A2.5040904@acm.org \
--to=chad.huneycutt@acm.org \
--cc=gentoo-dev@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox