extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-25 00:53:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Chop first config dir if non-root or if compiling for export.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-11-22 10:25:24 -08:00
parent 5aaf1e53de
commit 7289175070
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
15 changed files with 34 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -59,7 +59,7 @@ our $have_arptables;
# Initilize the package-globals in the other modules # Initilize the package-globals in the other modules
# #
sub initialize_package_globals( $$$ ) { sub initialize_package_globals( $$$ ) {
Shorewall::Config::initialize($family, $_[1], $_[2]); Shorewall::Config::initialize($family, $export, $_[1], $_[2]);
Shorewall::Chains::initialize ($family, 1, $export ); Shorewall::Chains::initialize ($family, 1, $export );
Shorewall::Zones::initialize ($family, $_[0]); Shorewall::Zones::initialize ($family, $_[0]);
Shorewall::Nat::initialize($family); Shorewall::Nat::initialize($family);

13
Shorewall/Perl/Shorewall/Config.pm
View File

@ -675,6 +675,7 @@ our $debug; # Global debugging flag
our $confess; # If true, use Carp to report errors with stack trace. our $confess; # If true, use Carp to report errors with stack trace.
our $family; # Protocol family (4 or 6) our $family; # Protocol family (4 or 6)
our $export; # True when compiling for export
our $toolname; # Name of the tool to use (iptables or iptables6) our $toolname; # Name of the tool to use (iptables or iptables6)
our $toolNAME; # Tool name in CAPS our $toolNAME; # Tool name in CAPS
our $product; # Name of product that will run the generated script our $product; # Name of product that will run the generated script
@ -788,8 +789,8 @@ sub add_variables( \% );
# 2. The compiler can run multiple times in the same process so it has to be # 2. The compiler can run multiple times in the same process so it has to be
# able to re-initialize its dependent modules' state. # able to re-initialize its dependent modules' state.
# #
sub initialize( $;$$) { sub initialize( $;$$$) {
( $family, my ( $shorewallrc, $shorewallrc1 ) ) = @_; ( $family, $export, my ( $shorewallrc, $shorewallrc1 ) ) = @_;
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
( $product, $Product, $toolname, $toolNAME ) = qw( shorewall Shorewall iptables IPTABLES ); ( $product, $Product, $toolname, $toolNAME ) = qw( shorewall Shorewall iptables IPTABLES );
@ -5328,7 +5329,13 @@ sub ensure_config_path() {
fatal_error "CONFIG_PATH not found in $f" unless $config{CONFIG_PATH}; fatal_error "CONFIG_PATH not found in $f" unless $config{CONFIG_PATH};
} }
@config_path = split /:/, $config{CONFIG_PATH}; my $path = $config{CONFIG_PATH};
my $chop = ( $path =~ s/^:// );
@config_path = split /:/, $path;
shift @config_path if $chop && ( $export || $> != 0 );
# #
# To accomodate Cygwin-based compilation, we have separate directories for files whose names # To accomodate Cygwin-based compilation, we have separate directories for files whose names

2
Shorewall/Samples/Universal/shorewall.conf
View File

@ -77,7 +77,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES= ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall" CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall/Samples/one-interface/shorewall.conf
View File

@ -88,7 +88,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES= ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall" CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall/Samples/three-interfaces/shorewall.conf
View File

@ -85,7 +85,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES= ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall" CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall/Samples/two-interfaces/shorewall.conf
View File

@ -88,7 +88,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES= ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall" CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall/configfiles/shorewall.conf
View File

@ -77,7 +77,7 @@ UNTRACKED_LOG_LEVEL=
ARPTABLES= ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall" CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall/configpath
View File

@ -3,4 +3,4 @@
# #
# /usr/share/shorewall/configpath # /usr/share/shorewall/configpath
# #
CONFIG_PATH=${CONFDIR}/shorewall:${SHAREDIR}/shorewall CONFIG_PATH=":${CONFDIR}/shorewall:${SHAREDIR}/shorewall"

12
Shorewall/manpages/shorewall.conf.xml
View File

@ -673,7 +673,7 @@
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">CONFIG_PATH</emphasis>=[<emphasis>directory</emphasis>[:<emphasis>directory</emphasis>]...]</term> role="bold">CONFIG_PATH</emphasis>=[[:]<emphasis>directory</emphasis>[:<emphasis>directory</emphasis>]...]</term>
<listitem> <listitem>
<para>Specifies where configuration files other than <para>Specifies where configuration files other than
@ -701,6 +701,16 @@
/etc/shorewall:/usr/share/shorewall but your particular distribution /etc/shorewall:/usr/share/shorewall but your particular distribution
may set it differently. See the output of shorewall show config for may set it differently. See the output of shorewall show config for
the default on your system.</para> the default on your system.</para>
<para>Beginning with Shorewall 5.1.10, the CONFIG_PATH setting may
begin with a colon (":"), to signal that the first
<replaceable>directory</replaceable> listed will be skipped if the
user performing a compilation is not root or if the configuration is
being compiled for export (-e option specified or if running one of
the remote-* commands) . This prevents the compiler from looking in
<filename>/etc/shorewall[6]</filename>/ when compilation is being
done by a non-root user or if the generated script is to be sent to
a remote firewall system.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

2
Shorewall6/Samples6/Universal/shorewall6.conf
View File

@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall6/Samples6/one-interface/shorewall6.conf
View File

@ -75,7 +75,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall" CONFIG_PATH=":${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall6/Samples6/three-interfaces/shorewall6.conf
View File

@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall6/Samples6/two-interfaces/shorewall6.conf
View File

@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall6/configfiles/shorewall6.conf
View File

@ -74,7 +74,7 @@ UNTRACKED_LOG_LEVEL=
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S # L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
############################################################################### ###############################################################################
CONFIG_PATH="${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall" CONFIG_PATH=":${CONFDIR}/shorewall6:/usr/share/shorewall6:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE GEOIPDIR=/usr/share/xt_geoip/LE

2
Shorewall6/configpath
View File

@ -3,4 +3,4 @@
# #
# /usr/share/shorewall6/configpath # /usr/share/shorewall6/configpath
# #
CONFIG_PATH=${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall CONFIG_PATH=":${CONFDIR}/shorewall6:${SHAREDIR}/shorewall6:${SHAREDIR}/shorewall"