Hi,

>> ------------------------------------------------------------
>> revno: 5952
>> committer: David Martin<david.martin.mailbox@xxxxxxxxxxxxxx>
>> branch nick: hipl_init-scripts
>> timestamp: Tue 2011-06-07 16:33:45 +0200
>> message:
>>   Require network and local filesystem to be initialized in init scripts.
>>
>>   The HIPL daemons should only be started after the filesystems and the
>>   network have been already set up. They should be exited before the
>>   filesystems and network get torn down as well.
>>
>>   Documentation on possible boot dependencies can be found here:
>>   http://refspecs.freestandards.org/LSB_3.1.0/LSB-Core-generic/ \
>>   LSB-Core-generic/facilname.html
>> modified:
>>   debian/hipl-daemon.init
>>   debian/hipl-dnsproxy.init
>>   debian/hipl-firewall.init
>
> Did you commit this because you encountered some problem in practice?

Nope, there were no problems in practice. It came up during commit reviews. Are you in the pisa and pisa-dev mailing lists? See this topic:
//www.freelists.org/post/pisa-src/r2607-in-trunkdebian-pisaclientdaemoninit-pisaserverdaemoninit,1

> I would actually disagree with the network part of this commit assuming it
> was not a practical problem. Now that the HIP stuff is not initialized
> before network, it is possible that some of the communications leak without
> proper HIP handling, namely:
>
> 1. Incoming/outgoing HIP packets that should be blocked by hipfw
> 2. Outgoing DNS requests that escape HIP DNS proxy
>
> The list of services to be started before HIP is now:
>
> $local_fs $remote_fs $syslog $network
>
> So, now the compromised list of services includes standard stuff such as
> NFS(v3) client (due to 2), NFSv3 server (due to 2), remote syslog servers
> (due to 2) and basically any other service started during boot up. The
> $remote_fs and $syslog were enabled earlier, but was that really thought
> out?

You make a good point there. I'm not sure if the settings were really thought out when they were set like that.

- we do need the local filesystem, that's for sure, right? So that should be in it.
- we do only work on our local filesystem so $remote_fs may be scrapped?
- we do use syslog for logging so this should be kept in
- for the reasons you stated we may not want to wait for an active network connection, so this can be removed as well

I'll commit it like that and we will see if any problems come up.

David
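
The boot-ordering concern discussed in this thread can be checked mechanically. The script below is an added example, not code from the HIPL tree: it reads the LSB header of an init script and lists the `Required-Start` facilities that would let network traffic begin before the daemon starts. The function names, the `Provides` value and the sample headers are constructed for illustration, and treating `$network` and `$remote_fs` as the facilities to flag is this example's assumption.

```shell
#!/bin/sh
# Added example: audit LSB init-script headers for early network dependencies.

# Print the facilities listed for one LSB keyword (e.g. Required-Start),
# reading only the "### BEGIN INIT INFO" ... "### END INIT INFO" block.
lsb_field() {  # usage: lsb_field <keyword> <file>
    awk -v key="$1" '
        /^### BEGIN INIT INFO/ { inblk = 1; next }
        /^### END INIT INFO/   { inblk = 0 }
        inblk && $1 == "#" && $2 == (key ":") {
            for (i = 3; i <= NF; i++) printf "%s%s", (i > 3 ? " " : ""), $i
            print ""
        }' "$2"
}

# Print, one per line, the Required-Start facilities that the thread
# identifies as letting traffic flow before the daemon is up.
# The choice of these two facilities is this example's assumption.
early_network_deps() {  # usage: early_network_deps <file>
    for fac in $(lsb_field Required-Start "$1"); do
        case "$fac" in
            '$network'|'$remote_fs') printf '%s\n' "$fac" ;;
        esac
    done
}

# Write a constructed sample init script; $2 is the facility list.
write_sample() {  # usage: write_sample <file> <facilities>
    printf '%s\n' '#!/bin/sh' '### BEGIN INIT INFO' \
        '# Provides:          example-firewall' \
        "# Required-Start:    $2" \
        "# Required-Stop:     $2" \
        '### END INIT INFO' > "$1"
}

# Demo on two constructed headers: the list quoted in the thread and the
# reduced list proposed in the reply.
tmp=$(mktemp -d)
write_sample "$tmp/before.init" '$local_fs $remote_fs $syslog $network'
write_sample "$tmp/after.init" '$local_fs $syslog'
for f in "$tmp/before.init" "$tmp/after.init"; do
    deps=$(early_network_deps "$f" | tr '\n' ' ')
    echo "$(basename "$f"): ${deps:-none}"
done
rm -rf "$tmp"
```

Pointing `early_network_deps` at each file under `/etc/init.d` for a packet filter or DNS proxy gives a quick list of scripts whose start order leaves a window in which traffic can bypass them.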