Mailinglist Archive: opensuse-security (320 mails)

< Previous Next >
Re: [suse-security] What's keeps changing my inet.d sequence
  • From: John Andersen <jsa@xxxxxxxxxxxxxx>
  • Date: Thu, 22 May 2003 21:41:37 -0800
  • Message-id: <200305222141.37812.jsa@xxxxxxxxxxxxxx>
On Thursday 22 May 2003 09:57, Arjen de Korte wrote:
> On Thursday 22 May 2003 10:08, John Andersen wrote:
> I'm taking this off-list, since I can't find anything security related to
> this thread...
> [
> ...]
> > I have a similar case.
> >
> > In my case, insserv insists on starting Shorewall AFTER vmware
> > in spite of my having vmware as a pre-requsite to shorewall.
> So? This is correct. If you put vmware in the list of Required-Start, it
> will place the link to the shorewall startup script AFTER the link to the
> vmware startup script. Provided that you have used insserv to enter vmware
> in the runlevel directories as well.

I mis-typed. I meant to say that shorewall starts BEFORE vmware even
though I have this in the Shorewall script:
# Provides: shorewall
# Required-Start: $network vmware
# Required-Stop:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: starts and stops the shorewall firewall

> > But the METHOD of changing the names (hence the order) of the
> > runlevel scripts is all we are discussing, the fact that you MUST
> > change the script name to change the order is a given.
> The name of the script has nothing to do with it. See for yourself in the
> /var/log/boot.msg file. It is the (alphabetical) order of the links to the
> scripts in /etc/init.d/rc?.d that matters.

Yes, of course, I was referring to the names of the links, as I mentioned in
the part you clipped where I said:

As you know, the alphabetical order of the links
in the /etc/init.d/rc?.d directory sets the order they are run. If those
are wrong the Optimum way you make them right is setting the Required-Start
list to include network and running insserv.

I originally thought your first post implied that these orders should never
be changed because of what you said:
"I'm still not convinced of a valid reason to change the startup order."

It now seems that we fully agree that changing the start up order is necessary
and the method to do so involves manipulating the names of the links, either
manually or via insserv

My problem remains that insserv was failing to honor the Required-Start as
listed in the above snip of my shorewall script

However, while putting together this message I noticed that the vmware
script has these lines in it...

# Provides: VMware
# Required-Start: $network $syslog
# Required-Stop:
# Default-Start: 3 5
# Default-Stop:
# Description: Manages the services needed to run VMware software

The name of the script is "vmware" and thats the name I used inside
my shorewall script for the "Required-Start".

But I just noticed that the CaPiTaLiZaTiOn of the vmware script name differs
with its "Provides" list. Running some tests with the capitalization
corrected shows that it does indeed work.

Grep-ing the scripts, I see that the vmware script is the ONLY one where
the "Provides" differs in capitilzation from the script name. A trap for the
unwary. I stand corrected.

I hope you don't mind me putting this BACK on the security list, because
a) that's where I badmouthed insserv and so should post my retraction there,
b) it has a chance of being picked up by google there and that might
help the next guy, and
c) one's firewall failing to start because of a capitalization error is a
security issue in my eyes.

John Andersen

< Previous Next >
Follow Ups