On Thu, Dec 12, 2013 at 03:18:31PM +0100, Vitaly Kuznetsov wrote:
> > ami-3b361952 : us-east-1 image for i386
> > ami-1337187a : us-east-1 image for x86_64
> Compared to TC5 images:
> 1) iptables-services package is missing in RC1

This is intentional and by popular demand -- in an IaaS environment, the
cloud provider's security groups or equivalent concept provides the
firewall. If one wants defense-in-depth it's easy to install
iptables-services or firewalld with cloud-init.

> 2) SELinux contexts. It gets better :-)
> In TC5 if you remember we had:
> # restorecon -R -v -n -e /proc -e /sys -e /tmp -e /run -e /dev /
> restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0->system_u:object_r:boot_t:s0
> restorecon reset /var/cache/yum context system_u:object_r:file_t:s0->system_u:object_r:rpm_var_cache_t:s0
> restorecon reset /var/log/boot.log context system_u:object_r:var_log_t:s0->system_u:object_r:plymouthd_var_log_t:s0
> restorecon reset /var/log/cron context system_u:object_r:var_log_t:s0->system_u:object_r:cron_log_t:s0

I'm pre-creating the two log files, so they end up right. 

> In RC1 we have only these:
> # restorecon -R -v -n -e /proc -e /sys -e /tmp -e /run -e /dev /
> restorecon reset /var/cache/yum context system_u:object_r:file_t:s0->system_u:object_r:rpm_var_cache_t:s0
> restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0->system_u:object_r:boot_t:s0

I tried to be clever with changing ldlinux.sys from immutable and back again
but apparently that doesn't do it. (Since this isn't ever actually run on
the system, only _before_ the system, and not on EC2 at all, the
side-effects of a wrong context should be small.)

I'm more concerned about /var/cache/yum, since that is already precreated
and should already be right.

-- 
Matthew Miller  --  Fedora Project Architect --  <[email protected]>
_______________________________________________
cloud mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/cloud
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
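Added example (not part of the thread or of the Fedora image build): a small shell helper that turns the `restorecon -R -v -n` output quoted above into a tab-separated report and flags entries still carrying the default `file_t` type, the case that matters when checking whether an image's files were created with a proper context. The sample input is constructed from the lines in the thread; the function names are the example's own.

```shell
# Parse `restorecon -R -v -n ...` output (one "restorecon reset PATH context
# OLD->NEW" record per line) into "path<TAB>current_type<TAB>expected_type<TAB>status".
# status is UNLABELED when the current type is file_t (content created without
# a policy context, e.g. by an image-build step) and RELABEL otherwise.

# Constructed sample of restorecon -n -v output, taken from the thread.
SAMPLE_RESTORECON='restorecon reset /var/cache/yum context system_u:object_r:file_t:s0->system_u:object_r:rpm_var_cache_t:s0
restorecon reset /boot/extlinux/ldlinux.sys context system_u:object_r:file_t:s0->system_u:object_r:boot_t:s0
restorecon reset /var/log/cron context system_u:object_r:var_log_t:s0->system_u:object_r:cron_log_t:s0'

# selinux_type CONTEXT -> prints the type field (user:role:TYPE:level).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# report_mislabeled reads restorecon lines on stdin; non-matching lines are skipped.
report_mislabeled() {
    while IFS= read -r line; do
        case $line in
            "restorecon reset "*" context "*"->"*) ;;
            *) continue ;;
        esac
        rest=${line#restorecon reset }
        path=${rest% context *}          # drop " context OLD->NEW"
        ctx=${rest##* context }          # keep "OLD->NEW"
        cur=$(selinux_type "${ctx%%->*}")
        want=$(selinux_type "${ctx#*->}")
        status=RELABEL
        [ "$cur" = file_t ] && status=UNLABELED
        printf '%s\t%s\t%s\t%s\n' "$path" "$cur" "$want" "$status"
    done
}

# count_unlabeled prints how many records on stdin carry the default file_t type.
count_unlabeled() {
    report_mislabeled | grep -c 'UNLABELED$' || true
}

# Usage: restorecon -R -v -n -e /proc -e /sys -e /tmp -e /run -e /dev / | report_mislabeled
printf '%s\n' "$SAMPLE_RESTORECON" | report_mislabeled
```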