X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from mail-vc0-f182.google.com (mail-vc0-f182.google.com [209.85.220.182])
	(using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
	(No client certificate requested)
	by mail.alpinelinux.org (Postfix) with ESMTPS id A6D77DC022A
	for <alpine-devel@lists.alpinelinux.org>; Fri, 19 Oct 2012 12:35:40 +0000 (UTC)
Received: by mail-vc0-f182.google.com with SMTP id fw7so506874vcb.13
        for <alpine-devel@lists.alpinelinux.org>; Fri, 19 Oct 2012 05:35:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=VhjxZ8o3qjcFJi3yoXzFi3QUhKon57IitF7kdM+jPOI=;
        b=fa38g+uzDtYyHxJz2QyTsHr7b8JkOa1Peq9GvU5vUfuhQWftBypIiR80o5zbv9FtG7
         WUjA93dikAPbfHlFph3NPtuxF2XAeuAWq8lxne5wEprY8719hEKooknglCTTjtfXhR2E
         iCUnwLKPffP3piWaIy2e0XYfKEu1fIhobGImcwg0ThWmw9p9dmj64o/R1kCQvMVJ1QLG
         +nzW2qWmEKSQc8TTBoh9YVRFrbEZ7xrhl5hRb3xu6GWlZpDnPMOFpc5acJUAI2n/r4vZ
         sYfEHnZDLFzXJRE1fUgvdxdHzyTIdsfTEGxOtTbJeQYOp4jXXOch3vzFEiAFGQvPT3Mt
         li9A==
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Received: by 10.220.153.78 with SMTP id j14mr1335895vcw.33.1350650139299; Fri,
 19 Oct 2012 05:35:39 -0700 (PDT)
Received: by 10.58.196.133 with HTTP; Fri, 19 Oct 2012 05:35:39 -0700 (PDT)
In-Reply-To: <c59cde94054c6e6060b2425da6b5040f@qcslink.com>
References: <CAPH1gWFhrfhQi_ugH=6qE7T1pN4O0X9Tc7jUv=3SCoXsanyidw@mail.gmail.com>
	<c59cde94054c6e6060b2425da6b5040f@qcslink.com>
Date: Fri, 19 Oct 2012 14:35:39 +0200
Message-ID: <CAPH1gWE=yoBtkfTRkmSTgj2eDrxhfWW4YD4Ge+rUVb+-9vdo3w@mail.gmail.com>
Subject: Re: [alpine-devel] AWall Policy files
From: Mika Havela <mika.havela@gmail.com>
To: elactrum@jamailca.com
Cc: alpine-devel@lists.alpinelinux.org
Content-Type: text/plain; charset=ISO-8859-1

Thank you for your suggestion.
You could put your Policy files directly in /etc/awall, but then you
would not be able to 'awall disable' such policies (unless I
misunderstood it).
I really like the feature that you can 'awall enable|disable'.
So if AWall would to look in /etc/awall/policy.d/ in addition to
/usr/share/awall/optional/ then the 'awall disable|enable' feature
would still work.

Thanks for your feedback!
<<mhavela>>

On Fri, Oct 19, 2012 at 2:26 PM,  <elactrum@jamailca.com> wrote:
> On 2012-10-19 02:47, Mika Havela wrote:
>>
>> Hi!
>> Thanks for working on AWall!
>>
>> I have a question about where AWall Policy files are/should be saved.
>> As I understand it, AWall will look for user-created Policy files in
>> '/usr/share/awall/optional'.
>> Technically it works fine.
>> But when using AWall on Alpine that boots from read only media, you
>> will need to add this additional step when configuring AWall
>>   lbu include /usr/share/awall/optional
>> (If you have HDD installed Alpine you can skip the above step.)
>> But /each/ time read only media (eg. USB,CD,CF,...) is used, you will
>> need to remember to do the 'lbu inc...' step or you will loose your
>> configs at next reboot.
>>
>> Most other packages in Alpine saves config-files in '/etc' and
>> therefore 'lbu' takes care of these automatically without forcing user
>> to run 'lbu inc'.
>> If AWall would do the same (in addition to read Policy files from
>> '/usr/share/awall/optional') then it might reduce situations when a
>> user sets up AWall but loses their config at next reboot because they
>> forgot to run 'lbu inc /usr/share/awall/optional'.
>>
>> My suggestion for improving AWall would be that we make AWall read for
>> Policy files from:
>> * /usr/share/awall/optional/ (as it already does)
>> * /etc/awall/policy.d/ (or some other appropriate dir name that
>> indicates that here are some Policies that could be enabled/activated)
>>
>> This way users could be directed to create their own policies in
>> '/etc/awall/policy.d/' and as long as they run 'lbu ci' (which they
>> would when running on read only media) then they will not lose
>> anything.
>> '/usr/share/awall/optional/' could be a path where 'apk' can store
>> AWall policies that comes from some package(s).
>>
>> Might be AWall already has takes care about the 'lbu' issue mentioned
>> above, in that case please direct me where user-specific configs
>> should be stored (preferably somewhere in /etc/).
>>
>
> I believe that you can place user-specific policies in /etc/awall, according
> to http://wiki.alpinelinux.org/wiki/Alpine_Wall_User%27s_Guide.
>
> I think that the idea is that /usr/share/awall/optional will be used for
> policies that come from apk packages, and then these can be enabled or
> disabled from /etc/awall.
>
> Hope that helps.
>
> -Andrew
>
>
>> These where just some thoughts about AWall improvements.
>>
>> <<mhavela>>
>
>
>
>
> ---
> Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
> Help:         alpine-devel+help@lists.alpinelinux.org
> ---
>


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---