/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Blacklist useless/danagerous updates in a VM #250

Closed
marmarek opened this Issue Mar 8, 2015 · 6 comments

Comments

Assignees

@rootkovska rootkovska

Labels
Projects
None yet
Milestone
  Release 1 Beta 2
2 participants
@marmarek @rootkovska
@marmarek
Member

marmarek commented Mar 8, 2015

Reported by joanna on 1 Jul 2011 12:14 UTC

  • kernel
  • Xorg

Migrated-From: https://wiki.qubes-os.org/ticket/250
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Modified by joanna on 1 Jul 2011 13:27 UTC
Member

marmarek commented Mar 8, 2015

Modified by joanna on 1 Jul 2011 13:27 UTC

@marmarek marmarek assigned rootkovska Mar 8, 2015

@marmarek marmarek added this to the Release 1 Beta 2 milestone Mar 8, 2015

@marmarek marmarek added bug C: core P: major P: minor and removed P: major labels Mar 8, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Comment by joanna on 17 Jul 2011 21:14 UTC
This is especially annoying now, when we do not install our own kernel in VMs and when we have read-only /lib/modules. Any update of the template will likely want to update the kernel, which however fails because of the above.

So, we should really black list installation of kernel via yum. Alternatively we should not install kernel package in the VM -- can this be done easily?
Member

marmarek commented Mar 8, 2015

Comment by joanna on 17 Jul 2011 21:14 UTC
This is especially annoying now, when we do not install our own kernel in VMs and when we have read-only /lib/modules. Any update of the template will likely want to update the kernel, which however fails because of the above.

So, we should really black list installation of kernel via yum. Alternatively we should not install kernel package in the VM -- can this be done easily?

@marmarek marmarek added P: major and removed P: minor labels Mar 8, 2015

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Comment by marmarek on 25 Jul 2011 00:04 UTC
exclude= setting in yum.conf should do the work.
Member

marmarek commented Mar 8, 2015

Comment by marmarek on 25 Jul 2011 00:04 UTC
exclude= setting in yum.conf should do the work.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Comment by joanna on 25 Jul 2011 08:08 UTC
Indeed, adding:

exclude=kernel, xorg-*

at the end of /etc/yum.conf, solves the problem. Questions:

  1. Do we want to add this option as part of e.g. qubes-corevm's %post?
  2. Do we want to blacklist some more packages?
Member

marmarek commented Mar 8, 2015

Comment by joanna on 25 Jul 2011 08:08 UTC
Indeed, adding:

exclude=kernel, xorg-*

at the end of /etc/yum.conf, solves the problem. Questions:

  1. Do we want to add this option as part of e.g. qubes-corevm's %post?
  2. Do we want to blacklist some more packages?
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Mar 8, 2015

Member

Modified by joanna on 30 Jul 2011 09:15 UTC
Member

marmarek commented Mar 8, 2015

Modified by joanna on 30 Jul 2011 09:15 UTC
@marmarek

@marmarek marmarek closed this Mar 8, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment