r8300 - in trunk/BOOK/postlfs: config security

bdubbs at linuxfromscratch.org bdubbs at linuxfromscratch.org
Sat Mar 6 16:34:03 PST 2010


Author: bdubbs
Date: 2010-03-06 17:34:03 -0700 (Sat, 06 Mar 2010)
New Revision: 8300

Modified:
   trunk/BOOK/postlfs/config/devices.xml
   trunk/BOOK/postlfs/security/iptables.xml
Log:
Fix iptables install locations

Modified: trunk/BOOK/postlfs/config/devices.xml
===================================================================
--- trunk/BOOK/postlfs/config/devices.xml	2010-03-06 23:57:09 UTC (rev 8299)
+++ trunk/BOOK/postlfs/config/devices.xml	2010-03-07 00:34:03 UTC (rev 8300)
@@ -78,7 +78,7 @@
     installed by SANE change permissions for known scanners, but not printers.  
     If a package maintainer forgot to write a rule for your device,
     report a bug to both BLFS (if the package is there) and upstream, and 
-    you will need ot write your own rule.</para>
+    you will need to write your own rule.</para>
 
     <para>There is one situation when such fine-grained access control with
     pre-generated udev rules doesn't work. Namely, PC emulators such as KVM,

Modified: trunk/BOOK/postlfs/security/iptables.xml
===================================================================
--- trunk/BOOK/postlfs/security/iptables.xml	2010-03-06 23:57:09 UTC (rev 8299)
+++ trunk/BOOK/postlfs/security/iptables.xml	2010-03-07 00:34:03 UTC (rev 8300)
@@ -108,7 +108,13 @@
     <para>Install <application>iptables</application> by running the following
     commands:</para>
 
-<screen><userinput>./configure --prefix=/usr &&
+<screen><userinput>
+./configure --prefix=/usr     \
+            --bindir=/sbin    \
+            --sbindir=/sbin   \
+            --libdir=/lib     \
+            --libexecdir=/lib \
+            --with-pkgconfigdir=/usr/lib/pkgconfig &&
 make</userinput></screen>
 
     <para>This package does not come with a test suite.</para>
@@ -118,31 +124,23 @@
 <screen role="root"><userinput>make install</userinput></screen>
 
   </sect2>
-<!--
+
   <sect2 role="commands">
     <title>Command Explanations</title>
 
-    <para><command>sed -i 's/name="$node/name="node/' iptables.xslt</command>:
-    This corrects a syntax error in the XSLT stylesheet for use with
-    <command>iptables-xml</command>.</para>
+    <para><parameter>--bindir=/sbin</parameter>, 
+    <parameter>--sbindir=/sbin</parameter>:  Ensure all the executables go
+    in <filename class="directory">/sbin</filename>.</para>
 
-    <para><parameter>PREFIX=/usr LIBDIR=/lib BINDIR=/sbin</parameter>:
-    Compiles and installs <application>iptables</application> modules
-    into <filename class="directory">/lib</filename>, binaries into
-    <filename class="directory">/sbin</filename> and the remainder into
-    the <filename class="directory">/usr</filename> hierarchy instead of
-    <filename class="directory">/usr/local</filename>. Firewalls are
-    generally activated during the boot process and
-    <filename class="directory">/usr</filename> may not be mounted at
-    that time.</para>
+    <para><parameter>--libdir=/lib</parameter>, 
+    <parameter>--libexecdir=/lib</parameter>:  Ensure all the libraries are 
+    in the <filename class="directory">/lib</filename> directory tree.</para>
 
-    <para><parameter>KERNEL_DIR=/usr</parameter>: This parameter is used to
-    point at the sanitized kernel headers in
-    <filename class='directory'>/usr</filename> and not use the raw kernel
-    headers in <filename class='directory'>/usr/src/linux</filename>.</para>
+    <para><parameter>--with-pkgconfigdir=/usr/lib/pkgconfig</parameter>:  
+    Ensure all the pkgconfig files are in the standard location.</para>
 
   </sect2>
--->
+
   <sect2 role="configuration">
     <title>Configuring Iptables</title>
 
@@ -179,8 +177,8 @@
         iptables-multi, ip6tables, ip6tables-restore, ip6tables-save, 
         and ip6tables-multii</seg>
         <seg>libip4tc.so, libip6tc.so, libiptc.so, libxtables.so,
-        and numerous modules in /usr/libexec/xtables/</seg>
-        <seg>/usr/libexec/xtables and /usr/include/libiptc</seg>
+        and numerous modules in /lib/xtables/</seg>
+        <seg>/lib/xtables/xtables and /usr/include/libiptc</seg>
       </seglistitem>
     </segmentedlist>
 




More information about the blfs-book mailing list