[Thincrust-devel] [Fwd: [Ovirt-devel] [PATCH] Add additional blacklisting and rpm removal to managed node]
Bryan Kearney
bkearney at redhat.com
Tue Jul 1 11:30:17 UTC 2008
Alan Pevec wrote:
> Bryan Kearney wrote:
>> Cross posting from our friends over at ovirt.
>>
>> Question for folks on the list.. how would you like to see
>> whitelisting/blacklisting implemented? I could see it
>>
>> 1) A second file in addition to the kickstart file.
>> 2) Embedded in the kickstart file.
>> 3) A completely separate post-process step.
>>
>> I tend to like (1) since it allows one step, and does not add a new
>> syntax to the kickstart file. Comments from folks?
>
> I'd like we find a way to embed this in the ks w/o adding new syntax
> e.g. implement appliance-filter as a script interpreter
>
> %post --interpreter=/usr/bin/appliance-filter
> drop /etc/pango
> drop /usr/bin/hal-* file /usr/bin/hal-get-property
> ...
It appears that the interpreter needs to handle the entire post section.
Is that correct?
>
> drop is a blacklist and file is whitelist action, so above would be the
> equivalent of:
> # rm -rf /etc/pango /usr/bin/hal-device /usr/bin/hal-disable-polling
> /usr/bin/hal-find-by-capability /usr/bin/hal-find-by-property
> /usr/bin/hal-is-caller-locked-out /usr/bin/hal-is-caller-privileged
> /usr/bin/hal-lock /usr/bin/hal-set-property /usr/bin/hal-setup-keymap
Did the fact that the file command was on the same line matter in your
example? Or.. could I have written this and gotten the same results:
file /usr/bin/hal-get-property
drop /etc/pango
drop /usr/bin/hal-*
-- bk
More information about the Thincrust-devel
mailing list