[Thincrust-devel] [Fwd: [Ovirt-devel] [PATCH] Add additional blacklisting and rpm removal to managed node]
Bryan Kearney
bkearney at redhat.com
Tue Jul 1 13:32:00 UTC 2008
Perry N. Myers wrote:
> Alan Pevec wrote:
>> Bryan Kearney wrote:
>>> It appears that the interpreter needs to handle the entire post
>>> section. Is that correct?
>>
>> yes, but you can have multiple %post sections, normal w/ shell and
>> this one with a special interpreter
>> see ImageCreator.__run_post_scripts()
>>
>>> Did the fact that the file command was on the same line matter in
>>> your example? Or.. could I have written this and gotten the same
>>> results:
>>>
>>> file /usr/bin/hal-get-property
>>> drop /etc/pango
>>> drop /usr/bin/hal-*
>>
>> Yes, that's how I wanted it, one action per line but Thunderbird
>> messed up my copy/paste, sorry.
>> The only thing you put differently is the precedence: I think it would
>> be intuitive to have white/blacklist actions on the same level and
>> that order matters, so it would be:
>>
>> drop /etc/pango
>> drop /usr/bin/hal-*
>> file /usr/bin/hal-get-property
>
> Wouldn't this make more sense:
> file /usr/bin/hal-get-property
> drop /usr/bin/hal-*
> drop /etc/pango
>
> Since in this case hal-get-property is marked as persistent before you
> go and delete everything hal-*?
>
> In the other ordering you would delete hal-* first and then when you get
> to whitelisting hal-get-property it's already gone. Unless of course
> the ordering of the list is irrelevant and you set a precedence that
> whitelisted files always trump blacklisted files.
>
I think I like the model that WL is always the trump. That way you omit
subtle errors from ordering. If you list it, it stays.
Question.. can you whitelist a directory?
-- bk
More information about the Thincrust-devel
mailing list