(May 24 2005 16:12) [EMAIL PROTECTED] wrote:
> Hello all,
>
> I've been using trustix with vservers (www.linux-vserver.org) for quite some
> time now.
>
> Every now and then I get some problems with the auto updates swup does!
>
> The problems are, mainly, postfix booting up automagically after updates

postfix will only be (re)started if it is set to start upon boot. Use the chkconfig utility to determine what should get started or not. Postfix is set to start upon boot per default, as it is in charge of delivering local mail. It is not configured to access any external interfaces, so it's not a security risk.

The reason for automatically restarting services like this is because swup will, from time to time, replace some of the dynamic libraries with patched ones, and if services that use these libraries are not restarted, the old process still uses the old, unpatched, libraries.

> Is there a way to force postfix NOT to be started after an update [unless it is
> configured to do so?]

It only happens if it's configured to happen, and the way to configure it not to happen is:

    chkconfig postfix off

Only do this if you really know what you are doing.

> and my /etc/init.d/network scripts which keep getting changed! [I
> usually call my iptables_firewall script from there].

Config files (files that are marked as this in the rpm packages) are not touched by swup or rpm if they are changed in some way. The problem in your case is that /etc/init.d/network is not a config file, although you expect it to be. Any changes in /etc/init.d/network will be lost _every_ time you upgrade the initscripts package which owns the file. Thus it is not wise to run your iptables_firewall script from there.

In your situation you need to use the iptables initscript instead. Add your rules to "/etc/sysconfig/iptables-ipv4.d/start" and they will be used when the iptables startup script is started.

> and is there any feature that enables us to make a list of files that
> CAN'T get changed with updates?

No. This is done in the packages directly. We try to make sure that all configuration files are really marked as configuration files, but sometimes we miss one. This is not the case here.

> Of course I want the network packages to be updated! But I don't want
> /etc/init.d/network to be changed :o)

You _do_ want /etc/init.d/network to be changed. However, you also want to use /etc/init.d/iptables the way it is intended instead of editing startup scripts of various packages.

kind regards
c
--
Christian H. Toldnes
Trustix Developer
_______________________________________________
tsl-discuss mailing list
[email protected]
http://lists.trustix.org/mailman/listinfo/tsl-discuss
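
The reason given in the reply for restarting services (a running process keeps using the old, unpatched library after an update replaces it) can be checked on a Linux host. The shell function below is an added example, not part of the original message and not Trustix or swup code; it assumes a Linux /proc whose maps files mark replaced files with "(deleted)", and the function name and its PROC_ROOT parameter are made up for illustration.

```shell
#!/bin/sh
# Added example: find processes that still map a shared library whose file
# was replaced or removed on disk since the process started.

# stale_lib_procs [PROC_ROOT]
# Prints one "pid<TAB>command<TAB>library" line per stale library mapping.
# PROC_ROOT defaults to /proc; it is a parameter (an assumption of this
# example) so the function can be run against a constructed directory tree.
stale_lib_procs() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Skip processes that exited or that we are not allowed to read.
        [ -r "$maps" ] || continue
        pid_dir=${maps%/maps}
        pid=${pid_dir##*/}

        # Use the command name from <pid>/comm when the kernel provides it.
        name='?'
        if [ -r "$pid_dir/comm" ]; then
            read -r name < "$pid_dir/comm" || true
        fi

        # maps columns: address perms offset dev inode pathname [(deleted)]
        # Report each deleted shared object once per process.
        awk -v pid="$pid" -v name="$name" '
            $NF == "(deleted)" && $6 ~ /\.so(\.|$)/ {
                if (!seen[$6]++) printf "%s\t%s\t%s\n", pid, name, $6
            }' "$maps" 2>/dev/null || continue
    done
}
```

Calling `stale_lib_procs` as root after an update lists the services that still need a restart; an empty result means no running process holds a replaced library.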
