Alan Pevec
2008-Jun-30 22:02 UTC
[Thincrust-devel] [Fwd: [Ovirt-devel] [PATCH] Add additional blacklisting and rpm removal to managed node]
Bryan Kearney wrote:
> Cross posting from our friends over at ovirt.
>
> Question for folks on the list.. how would you like to see
> whitelisting/blacklisting implemented? I could see it
>
> 1) A second file in addition to the kickstart file.
> 2) Embedded in the kickstart file.
> 3) A completely separate post-process step.
>
> I tend to like (1) since it allows one step, and does not add a new
> syntax to the kickstart file. Comments from folks?

I'd like us to find a way to embed this in the ks w/o adding new syntax
e.g. implement appliance-filter as a script interpreter

%post --interpreter=/usr/bin/appliance-filter
drop /etc/pango
drop /usr/bin/hal-* file /usr/bin/hal-get-property
...

drop is a blacklist and file is whitelist action, so above would be the
equivalent of:
# rm -rf /etc/pango /usr/bin/hal-device /usr/bin/hal-disable-polling
/usr/bin/hal-find-by-capability /usr/bin/hal-find-by-property
/usr/bin/hal-is-caller-locked-out /usr/bin/hal-is-caller-privileged
/usr/bin/hal-lock /usr/bin/hal-set-property /usr/bin/hal-setup-keymap
Bryan Kearney
2008-Jul-01 11:30 UTC
[Thincrust-devel] [Fwd: [Ovirt-devel] [PATCH] Add additional blacklisting and rpm removal to managed node]
Alan Pevec wrote:
> Bryan Kearney wrote:
>> Cross posting from our friends over at ovirt.
>>
>> Question for folks on the list.. how would you like to see
>> whitelisting/blacklisting implemented? I could see it
>>
>> 1) A second file in addition to the kickstart file.
>> 2) Embedded in the kickstart file.
>> 3) A completely separate post-process step.
>>
>> I tend to like (1) since it allows one step, and does not add a new
>> syntax to the kickstart file. Comments from folks?
>
> I'd like us to find a way to embed this in the ks w/o adding new syntax
> e.g. implement appliance-filter as a script interpreter
>
> %post --interpreter=/usr/bin/appliance-filter
> drop /etc/pango
> drop /usr/bin/hal-* file /usr/bin/hal-get-property
> ...

It appears that the interpreter needs to handle the entire post section. Is that correct?

>
> drop is a blacklist and file is whitelist action, so above would be the
> equivalent of:
> # rm -rf /etc/pango /usr/bin/hal-device /usr/bin/hal-disable-polling
> /usr/bin/hal-find-by-capability /usr/bin/hal-find-by-property
> /usr/bin/hal-is-caller-locked-out /usr/bin/hal-is-caller-privileged
> /usr/bin/hal-lock /usr/bin/hal-set-property /usr/bin/hal-setup-keymap

Did the fact that the file command was on the same line matter in your example? Or.. could I have written this and gotten the same results:

file /usr/bin/hal-get-property
drop /etc/pango
drop /usr/bin/hal-*

-- bk
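
A dry-run sketch of the drop/file semantics discussed in this thread, added here as an illustration; it is not code from the thread or from the thincrust or ovirt projects. Assumptions: the function names are hypothetical, `file` entries are treated as keeps regardless of line or order (the thread leaves that open), and a keep inside a dropped directory spares that file and its parent directories.

```python
import glob
import os
import sys

def parse_filter(text):
    """Split a filter script into drop patterns and file (keep) patterns."""
    patterns = {"drop": [], "file": []}
    for line in text.splitlines():
        action = None
        for tok in line.split("#", 1)[0].split():
            if tok in patterns:
                action = tok  # several actions may share one line
            elif action is None:
                raise ValueError("path without an action: " + line.strip())
            elif ".." in tok.split("/"):
                raise ValueError("refusing path that leaves the root: " + tok)
            else:
                patterns[action].append(tok)
    return patterns["drop"], patterns["file"]

def expand(patterns, root):
    """Glob each pattern relative to root ('/' inside the %post chroot)."""
    found = set()
    for pat in patterns:
        found.update(glob.glob(os.path.join(glob.escape(root), pat.lstrip("/"))))
    return found

def prune(path, keep):
    """Paths to delete for one dropped path, sparing anything in keep."""
    if path in keep:
        return []
    inside = [k for k in keep if k.startswith(path + os.sep)]
    if inside and os.path.isdir(path) and not os.path.islink(path):
        # A kept file lives below this directory: delete its siblings only.
        return [p for name in sorted(os.listdir(path))
                for p in prune(os.path.join(path, name), keep)]
    return [path]

def removal_plan(text, root="/"):
    """Sorted list of paths the script would remove; nothing is deleted here."""
    drops, keeps = parse_filter(text)
    keep = expand(keeps, root)
    plan = set()
    for path in expand(drops, root):
        plan.update(prune(path, keep))
    return sorted(plan)

if __name__ == "__main__" and len(sys.argv) > 1:
    # Kickstart runs the interpreter with the path of the %post script file.
    with open(sys.argv[1]) as script:
        print("\n".join(removal_plan(script.read())))
```

Printing the plan before deleting anything makes the blacklist reviewable at image build time; an actual filter would pass the same list to a removal step.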