On Thu, Aug 28, 2008 at 10:21:44AM -0400, Jeremy Katz wrote: > On Thu, 2008-08-28 at 15:07 +0100, Daniel P. Berrange wrote: > > The way we currently do it is include lokkit packages at first, and then > > use a %post script to uninstall python and everything using it. Unless > > someone wants to re-implement entire of lokkit in C, I don't see any > > other viable approach other than this uninstall in %post. > > The irony is that lokkit was originally written in C. But to add all of > the functionality that people continued to want, it was rewritten in > python years ago :)
The ever increasing functionality of lokkit is incredibly a poor design choice :-( For libvirt to register iptables rules, SELinux policy had to be changed to allow libvirtd to run lokkit. This has the dubious side-effect of now giving libvirtd permission to turn off SELinux. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Fedora-livecd-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-livecd-list
