https://tinderboxlogs.s3.amazonaws.com/tbamd64.excelsior.flameeyes.eu/net-firewall%3Ashorewall6-4.5.11.2%3A20130226-145614.html Portage 2.2.0_alpha161 (default/linux/amd64/13.0, gcc-4.7.2-asneeded, glibc-2.17, 3.7.0-hardened x86_64) ================================================================= System uname: Linux-3.7.0-hardened-x86_64-AMD_Opteron-TM-_Processor_6272-with-gentoo-2.2 KiB Mem: 65914672 total, 33393308 free KiB Swap: 0 total, 0 free Timestamp of tree: Sat, 09 Feb 2013 16:15:02 +0000 ld GNU ld (GNU Binutils) 2.23.1 distcc 3.1 x86_64-pc-linux-gnu [disabled] ccache version 3.1.9 [disabled] app-shells/bash: 4.2_p42 dev-java/java-config: 2.1.12-r1 dev-lang/python: 2.7.3-r3, 3.2.3-r2 dev-util/ccache: 3.1.9 dev-util/cmake: 2.8.10.2-r1 sys-apps/baselayout: 2.2 sys-apps/openrc: 0.11.8 sys-apps/sandbox: 2.6 sys-devel/autoconf: 2.13, 2.69 sys-devel/automake: 1.4_p6-r1, 1.9.6-r3, 1.10.3, 1.11.6, 1.12.6, 1.13.1 sys-devel/binutils: 2.23.1 sys-devel/gcc: 4.6.3, 4.7.2 sys-devel/gcc-config: 1.8 sys-devel/libtool: 2.4.2 sys-devel/make: 3.82-r4 sys-kernel/linux-headers: 3.7 (virtual/os-headers) sys-libs/glibc: 2.17 Repositories: gentoo tbamd64 ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="*" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -ggdb -march=native -ftracer -frecord-gcc-switches" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/entropy /opt/openjms/config /usr/lib64/tomoyo/conf /usr/share/bufrtables /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/maven-bin-3.0/conf /usr/share/polkit-1/actions /usr/share/qpsmtpd/plugins /usr/share/themes/oxygen-gtk/gtk-2.0 /var/bind /var/lib/hsqldb /var/lib/neatx/home /var/spool/munin-async/.ssh /var/yp/Makefile" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/games/angband/edit/ /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -ggdb -march=native -ftracer -frecord-gcc-switches" DISTDIR="/var/cache/portage/distfiles" FCFLAGS="-O2 -pipe -ggdb -march=native -frecord-gcc-switches" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fail-clean fixlafiles merge-sync news parallel-fetch protect-owned sandbox sfperms strict test test-fail-continue unknown-features-warn unmerge-orphans userfetch userpriv usersandbox" FFLAGS="-O2 -pipe -ggdb -march=native -frecord-gcc-switches" GENTOO_MIRRORS="http://ftp.ucsb.edu/pub/mirrors/linux/gentoo/ http://gentoo.mirrors.hoobly.com/ http://gentoo.llarian.net/" LANG="en_US.utf8" LC_ALL="C" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j24" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/tmp" PORTDIR="/var/cache/tinderbox/tree" PORTDIR_OVERLAY="/root/overlay" SYNC="rsync://excelsior.flameeyes.eu/gentoo-portage" USE="3dnow 3dnowex acl amd64 berkdb bzip2 cli cracklib crypt cxx doc dri emacs ffmpeg fortran gnutls gpm iconv icu intl introspection ipv6 mmx modules mudflap multilib ncurses nls nptl openmp pam pax_kernel pcre pdf plasma qt3support readline semantic-desktop session snmp sse sse2 sse3 sse4 ssl ssse3 tcmalloc tcpd udev unicode vhosts zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Changed keepdir to dodir in net-firewall/shorewall6-4.5.11.2-r1
*** Bug 475412 has been marked as a duplicate of this bug. ***
(In reply to Constanze Hausner from comment #1) > Changed keepdir to dodir in net-firewall/shorewall6-4.5.11.2-r1 That's not the fix. init.d scripts should check'n'create the directory during invocation. /var/lock is a symlink to /run/lock which is on tmpfs and empty after reboot.
Now really fixed in 4.5.18 :). Sorry, I was a bit confused there. We already have the check in the initscripts, so we do need neither dodir nor keepdir in the ebuilds. Thanks for pointing that out to me.
(In reply to Constanze Hausner from comment #4) > Now really fixed in 4.5.18 :). > > Sorry, I was a bit confused there. > We already have the check in the initscripts, so we do need neither dodir > nor keepdir in the ebuilds. > > Thanks for pointing that out to me. You're still missing the point. In what I might term as modern Linux filesystems, you don't use /var/lock at all anymore. You use /run/lock instead.
Hi, I forked shorewall (because 4.5.17 had a serious bug which took too long for me to get fixed). I also fixed the /var/lock issue the right way, at least I I think so. See <https://github.com/Whissi/gentoo-overlay/blob/master/net-firewall/shorewall/files/shorewall.conf-SUBSYSLOCK.patch>. Maybe Jeroen can also answer if it is valid.
@jer I'm sorry, if I'm missing the point. I didn't know that the use of /var/lock is disapproved. Is this documented somewhere? I didn't find anything abount using it at runtime in the tracker bug. @Thomas Good to see, that you're invested in this package. I don't use shorewall, so I often miss updates or security problems, sorry. Would you like to proxy-maintain this package?
*** Bug 477274 has been marked as a duplicate of this bug. ***
problem is still in 4.5.18, while it was not in 4.5.15 i have 2 diff gentoo installs that have this problem, have created /var/lock/subsys now this resolves it for me for now
Hi, fist, this problem will be finally patched in the upcoming week, when Constanze will publish a new version. You may run into a problem, because in 4.5.18 Constanze tried to fix the problem by moving the creation from ebuild to the init.d script (this wlll avoid emerge's QA message, but doesn't fix the initial problem). So if you now do a fresh installation and use /sbin/shorewall* before you executed /etc/init.d/shorewall* you may get an error, because the directory is missing. Thanks for the report. Again, I hope this will be fixed with the upcoming version next week.
Fixed by Thomas in 4.5.19. Thank you Thomas :).
Fix also backported to 4.5.18-r1 by Thomas D.
