From b8c322a05fde7b1680a9599447eee8205916d5f4 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 6 Jan 2017 15:50:26 -0800 Subject: [PATCH] Ignore SUBSYSLOCK when $SERVICEDIR is non-empty Signed-off-by: Tom Eastep --- Shorewall/Perl/prog.footer | 2 ++ Shorewall/manpages/shorewall.conf.xml | 16 +++++++++++++--- Shorewall6/manpages/shorewall6.conf.xml | 18 ++++++++++++++---- 3 files changed, 29 insertions(+), 7 deletions(-) diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer index e5c81f5e7..5936bda96 100644 --- a/Shorewall/Perl/prog.footer +++ b/Shorewall/Perl/prog.footer @@ -130,6 +130,8 @@ g_docker= g_dockernetwork= g_forcereload= +[ -n "$SERVICEDIR" ] && SUBSYSLOCK= + initialize if [ -n "$STARTUP_LOG" ]; then diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index 6104edfe6..6faa5a992 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml @@ -2570,9 +2570,19 @@ INLINE - - - ;; -j REJECT This parameter should be set to the name of a file that the firewall should create if it starts successfully and remove when it stops. Creating and removing this file allows Shorewall to work with - your distribution's initscripts. For RedHat and OpenSuSE, this - should be set to /var/lock/subsys/shorewall. For Debian, the value - is /var/lock/shorewall and in LEAF it is /var/run/shorewall. + your distribution's initscripts. For OpenSuSE, this should be set to + /var/lock/subsys/shorewall (var/lock/subsys/shorewall-lite if + building for export). For Gentoo, it should be set to + /run/lock/shorewall (/run/lock/shorewall-lite). For Redhat and + derivatives as well as Debian and derivatives, the pathname should + be omitted. + + + Beginning with Shorewall 5.1.0, this setting is ignored when + SERVICEDIR is non-empty in + ${SHAREDIR}/shorewall/shorewallrc (usually + /usr/share/shorewall/shorewallrc). + diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index 5978725a2..ebee8e8c5 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -2204,10 +2204,20 @@ INLINE - - - ;; -j REJECT This parameter should be set to the name of a file that the firewall should create if it starts successfully and remove when it - stops. Creating and removing this file allows Shorewall6 to work - with your distribution's initscripts. For RedHat, this should be set - to /var/lock/subsys/shorewall6. For Debian, the value is - /var/lock/shorewall6 and in LEAF it is /var/run/shorewall. + stops. Creating and removing this file allows Shorewall to work with + your distribution's initscripts. For OpenSuSE, this should be set to + /var/lock/subsys/shorewall6 (var/lock/subsys/shorewall6-lite if + building for export). For Gentoo, it should be set to + /run/lock/shorewall6 (/run/lock/shorewall6-lite). For Redhat and + derivatives as well as Debian and derivatives, the pathname should + be omitted. + + + Beginning with Shorewall 5.1.0, this setting is ignored when + SERVICEDIR is non-empty in + ${SHAREDIR}/shorewall/shorewallrc (usually + /usr/share/shorewall/shorewallrc). +