[Ovirt-devel] [PATCH ovirt-node-image] enable policy utility newrole for initscripts

Alan Pevec apevec at redhat.com
Thu Nov 20 02:18:50 UTC 2008


---
 common-pkgs.ks      |    1 +
 ovirt-node-image.ks |    9 +++++++++
 2 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/common-pkgs.ks b/common-pkgs.ks
index 6588582..2f0ef75 100644
--- a/common-pkgs.ks
+++ b/common-pkgs.ks
@@ -4,6 +4,7 @@ kernel
 hwdata
 passwd
 policycoreutils
+policycoreutils-newrole
 rootfiles
 dhclient
 openssh-clients
diff --git a/ovirt-node-image.ks b/ovirt-node-image.ks
index c974173..96e0193 100644
--- a/ovirt-node-image.ks
+++ b/ovirt-node-image.ks
@@ -14,6 +14,15 @@ rm -f /var/lib/rpm/__db*
 
 touch /.autorelabel
 
+# enable newrole for initscripts
+augtool <<EOF
+ins 0 before /files/etc/pam.d/newrole/1
+set /files/etc/pam.d/newrole/0/type auth
+set /files/etc/pam.d/newrole/0/control sufficient
+set /files/etc/pam.d/newrole/0/module pam_rootok.so
+save
+EOF
+
 %end
 
 %post
-- 
1.5.6.5




More information about the ovirt-devel mailing list