Chop first config dir if non-root or if compiling for export.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2017-11-22 10:25:24 -08:00
parent 5aaf1e53de
commit 7289175070
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
15 changed files with 34 additions and 17 deletions


@ -59,7 +59,7 @@ our $have_arptables;
# Initilize the package-globals in the other modules
#
sub initialize_package_globals( $$$ ) {
Shorewall::Config::initialize($family, $_[1], $_[2]);
Shorewall::Config::initialize($family, $export, $_[1], $_[2]);
Shorewall::Chains::initialize ($family, 1, $export );
Shorewall::Zones::initialize ($family, $_[0]);
Shorewall::Nat::initialize($family);
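Review bot: Inserting `$export` as the second positional argument of `Shorewall::Config::initialize` shifts the meaning of every later argument, and the relaxed prototype `$;$$$` will not reject a caller that still uses the old `($family, $shorewallrc, $shorewallrc1)` order. Such a caller would bind a shorewallrc path to `$export`, which is always true, so the first CONFIG_PATH directory could be skipped without any diagnostic. Other call sites are not visible on this page and should be checked. A comment above this call, such as `# Argument order: family, export flag, shorewallrc, shorewallrc1`, would make the new contract visible here.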


@ -675,6 +675,7 @@ our $debug; # Global debugging flag
our $confess; # If true, use Carp to report errors with stack trace.
our $family; # Protocol family (4 or 6)
our $export; # True when compiling for export
our $toolname; # Name of the tool to use (iptables or iptables6)
our $toolNAME; # Tool name in CAPS
our $product; # Name of product that will run the generated script
@ -788,8 +789,8 @@ sub add_variables( \% );
# 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize its dependent modules' state.
#
sub initialize( $;$$) {
( $family, my ( $shorewallrc, $shorewallrc1 ) ) = @_;
sub initialize( $;$$$) {
( $family, $export, my ( $shorewallrc, $shorewallrc1 ) ) = @_;
if ( $family == F_IPV4 ) {
( $product, $Product, $toolname, $toolNAME ) = qw( shorewall Shorewall iptables IPTABLES );
@ -5328,7 +5329,13 @@ sub ensure_config_path() {
fatal_error "CONFIG_PATH not found in $f" unless $config{CONFIG_PATH};
}
@config_path = split /:/, $config{CONFIG_PATH};
my $path = $config{CONFIG_PATH};
my $chop = ( $path =~ s/^:// );
@config_path = split /:/, $path;
shift @config_path if $chop && ( $export || $> != 0 );
#
# To accomodate Cygwin-based compilation, we have separate directories for files whose names
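Review bot: In the `ensure_config_path` hunk, `shift @config_path` can leave the search path empty when CONFIG_PATH holds a single directory after the leading colon (a constructed example: `:/etc/shorewall`), and nothing visible here reports that. A guard right after the shift, `fatal_error "CONFIG_PATH has no directories left after skipping the first one" unless @config_path;`, would fail loudly instead of compiling with no configuration directories. The `$> != 0` test also deserves a comment, e.g. `# A leading ':' marks the first directory as local-only: skip it for export or when the effective UID is not root`. The body of `ensure_config_path` continues beyond the hunk, so later code may already handle an empty list.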


@ -77,7 +77,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -88,7 +88,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -85,7 +85,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -88,7 +88,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -77,7 +77,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -3,4 +3,4 @@
#
# /usr/share/shorewall/configpath
#
CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall
CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"


@ -673,7 +673,7 @@
<varlistentry>
<term><emphasis
role="bold">CONFIG_PATH</emphasis>=[<emphasis>directory</emphasis>[:<emphasis>directory</emphasis>]...]</term>
role="bold">CONFIG_PATH</emphasis>=[[:]<emphasis>directory</emphasis>[:<emphasis>directory</emphasis>]...]</term>
<listitem>
<para>Specifies where configuration files other than
@ -701,6 +701,16 @@
/etc/shorewall:/usr/share/shorewall but your particular distribution
may set it differently. See the output of shorewall show config for
the default on your system.</para>
<para>Beginning with Shorewall 5.1.10, the CONFIG_PATH setting may
begin with a colon (":"), to signal that the first
<replaceable>directory</replaceable> listed will be skipped if the
user performing a compilation is not root or if the configuration is
being compiled for export (-e option specified or if running one of
the remote-* commands) . This prevents the compiler from looking in
<filename>/etc/shorewall[6]</filename>/ when compilation is being
done by a non-root user or if the generated script is to be sent to
a remote firewall system.</para>
</listitem>
</varlistentry>


@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -75,7 +75,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
CONFIG_PATH=":${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
CONFIG_PATH=":${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE


@ -3,4 +3,4 @@
#
# /usr/share/shorewall6/configpath
#
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall
CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"