kickstart -- refreshing rpm's.
gary artim
gartim at gmail.com
Fri Oct 9 23:07:22 UTC 2009
On Fri, Oct 9, 2009 at 9:21 AM, Mike Cloaked <mike.cloaked at gmail.com> wrote:
>
> By the way there was one other thing I did to make sure that selinux should
> work when I made the bind mount to the changed chroot area:
>
>
> Mike Cloaked wrote:
>>
>>
>> 1) I wanted to have the files in the /opt partition so as not to use up
>> the limited space in the root partition so I did this, but it is not
>> essential.
>> Changed the directory where the mock files are going to be on the /opt
>> partition
>> As root:
>> mkdir /opt/Local/mock
>>
>>
>
> Now make an equivalence of the security contexts for this new area to be the
> same as the original by
> semanage fcontext -a -e /var/lib/mock /opt/Local/mock
> Then
> restorecon /opt/Local/mock should give the same contexts as /var/lib/mock
> and this can be checked using
> ll -Z /opt/Local/mock
> ll -Z /var/lib/mock
>
> Check the mock directory has the correct permissions
> ll -Zd /opt/Local/mock
> drwxrwsr-x. root mock system_u:object_r:var_lib_t:s0 /opt/Local/mock
> ll -Zd /var/lib/mock
> drwxrwsr-x. root mock system_u:object_r:var_lib_t:s0 /var/lib/mock
>
> Then the recipe is as I gave in the previous post.
>
> I ran the build with selinux enforcing and it seems to have worked just fine
> - at least no AVCs popped up!
>
>
> --
> View this message in context: http://www.nabble.com/kickstart----refreshing-rpm%27s.-tp25811684p25824016.html
> Sent from the Fedora List mailing list archive at Nabble.com.
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>
lotsa a great thoughts. My inital thought was that I could maybe mount
OVER the current iso so when anaconda does the install it used the
latest rpm. i may be barking up the wrong tree and anaconda may
complain. I've read about filesystems that can be mounted with say a
full image and then a file with changes that override the base system
(forget the name). any thoughts on this or am I just creating work for
myself?
i could do it the %post way mentioned, just need to make the head node
run nat in iptables. i didn't want to do that -- it will get slower as
the release ages into obsolescence. so maybe having an local update
repo.
thanks much for all the feed.
More information about the users
mailing list