[Thincrust-devel] [Fwd: [Ovirt-devel] [PATCH] Add additional blacklisting and rpm removal to managed node]
Perry N. Myers
pmyers at redhat.com
Tue Jul 1 13:40:26 UTC 2008
Bryan Kearney wrote:
>
>
> Perry N. Myers wrote:
>> Alan Pevec wrote:
>>> Bryan Kearney wrote:
>>>> It appears that the interpreter needs to handle the entire post
>>>> section. Is that correct?
>>>
>>> yes, but you can have multiple %post sections, normal w/ shell and
>>> this one with a special interpreter
>>> see ImageCreator.__run_post_scripts()
>>>
>>>> Did the fact that the file command was on the same line matter in
>>>> your example? Or.. could I have written this and gotten the same
>>>> results:
>>>>
>>>> file /usr/bin/hal-get-property
>>>> drop /etc/pango
>>>> drop /usr/bin/hal-*
>>>
>>> Yes, that's how I wanted it, one action per line but Thunderbird
>>> messed up my copy/paste, sorry.
>>> The only thing you put differently is the precedence: I think it
>>> would be intuitive to have white/blacklist actions on the same level
>>> and that order matters, so it would be:
>>>
>>> drop /etc/pango
>>> drop /usr/bin/hal-*
>>> file /usr/bin/hal-get-property
>>
>> Wouldn't this make more sense:
>> file /usr/bin/hal-get-property
>> drop /usr/bin/hal-*
>> drop /etc/pango
>>
>> Since in this case hal-get-property is marked as persistent before you
>> go and delete everything hal-*?
>>
>> In the other ordering you would delete hal-* first and then when you
>> get to whitelisting hal-get-property it's already gone. Unless of
>> course the ordering of the list is irrelevant and you set a precedence
>> that whitelisted files always trump blacklisted files.
>>
> I think I like the model that WL is always the trump. That way you omit
> subtle errors from ordering. If you list it, it stays.
>
> Question.. can you whitelist a directory?
I think you want to allow whitelisting of directories.
But, if you allow whitelisting of directories, is the WL recursive? Maybe
there needs to be a different parameter to indicate that sort of stuff...
Recursiveness also will come into play with the blacklisting directives
as well.
Perry
More information about the ovirt-devel
mailing list