On 06/24/2013 01:01 PM, Tom Eastep wrote:
> On 06/24/2013 12:23 PM, Tom Eastep wrote:
>> On 06/24/2013 08:32 AM, Tom Eastep wrote:
>>> On 06/23/2013 08:47 PM, David Iannucci wrote:
>>>> On Sun, Jun 23, 2013, at 14:56, Tom Eastep wrote:
>>>>> Before I wade through this, I would like to know if you can reproduce
>>>>> this on the current Shorewall version.
>>>>>
>>>>> -Tom
>>>>
>>>> The latest available to me in Gentoo's portage is 4.5.17. I've upgraded
>>>> and sorry to say, the exact same thing is still happening. The output
>>>> of shorewall trace check also looks very similar, although I haven't
>>>> carefully compared the two. Let me know if you want logs from 4.5.17.
>>>
>>>
>>> Yes, please. And also please redirect Standard Error to Standard Out
>>> (e.g., '2>&1').
>>
>> Another useful experiment would be to set LOAD_HELPERS_ONLY=Yes. Does
>> the message still appear? If so, where in the output?
>
> We can also determine where the problem is coming from using the Perl
> debugger with "LOAD_HELPERS_ONLY=No".
>
> Run 'shorewall check -d'.
>
> At the first debugger prompt, type
>
> b Shorewall::Config::determine_capabilities
>
> At the second debugger prompt, type
>
> c
>
> At the next debugger prompt, type
>
> n
>
> At subsequence prompts, simply hit the enter key. Continue until the
> error message appears; then type
>
> q
>
> Here's a sample session:
>
> root@gateway:/etc/shorewall# shorewall check -d
> Checking...
>
> Loading DB routines from perl5db.pl version 1.32
> Editor support available.
>
> Enter h or `h h' for help, or `man perldebug' for more help.
>
> main::(/usr/share/shorewall/compiler.pl:85):
> 85: my $export = 0;
> DB<1> b Shorewall::Config::determine_capabilities
> DB<2> c
> Processing /etc/shorewall/params ...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4262):
> 4262: my $pid = $$;
> DB<2> n
> Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4264):
> 4264: $capabilities{CAPVERSION} = $globals{CAPVERSION};
> DB<2>
> Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4266):
> 4266: determine_kernelversion;
> DB<2>
> Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4268):
> 4268: $sillyname = "fooX$pid";
> DB<2>
> Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4269):
> 4269: $sillyname1 = "foo1X$pid";
> DB<2>
> Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4271):
> 4271: qt1( "$iptables -N $sillyname" );
> DB<2> q
> Shorewall::Config::determine_capabilities(/usr/share/shorewall/Shorewall/Config.pm:4272):
> root@gateway:
And if, as I suspect, the error message appears after executing this code:
$capabilities{OWNER_NAME_MATCH}
= detect_capability( 'OWNER_NAME_MATCH' );
then apply the attached patch.
Thanks,
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
commit fc754040d5703649b1dfcd5f220b0a1c410ec5a5 Author: Tom Eastep <[email protected]> Date: Mon Jun 24 09:51:32 2013 -0700 Avoid shell error when detecting owner name match Signed-off-by: Tom Eastep <[email protected]> diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index e47d139..7b00053 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -3739,6 +3739,7 @@ sub Owner_Match() { sub Owner_Name_Match() { if ( my $name = `id -un 2> /dev/null` ) { + chomp $name; qt1( "$iptables -A $sillyname -m owner --uid-owner $name -j ACCEPT" ); } }
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ This SF.net email is sponsored by Windows: Build for Windows Store. http://p.sf.net/sfu/windows-dev2dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
