Stephan Wiesand wrote:
> Hi again,
> 
> On Wed, 21 Mar 2007, Stephan Wiesand wrote:
> 
>> modulo the quoting required to prevent the `fs wscell` from being 
>> evaluated on the build machine (I think it doesn't really matter 
>> whether it's evaluated
> 
> that, of course, was nonsense. It's not evaluated during build, and it 
> *is* important that it's evaluated in the init script and not during %post.
> 
> 
> There's a first cut in http://www-zeuthen.desy.de/~wiesand/SL/
> 
> The interesting part of the spec is:
> 
> 
> %post
> 
> fs setcell `fs wscell |cut -d \' -f2` -nosuid >/dev/null 2>&1
> :
> 
> %triggerin -- openafs
> 
> grep -q nosuid /etc/init.d/afs && exit 0
> sed -i "/AFS_POST_INIT/ifs setcell \`fs wscell |cut -d \\\' -f2\` -nosuid" /etc/init.d/afs
> :
> 
> %postun
> 
> sed -i '/nosuid/d' /etc/init.d/afs
> :
> 
> 
> Tested:
>  - %post does its job, failing quietly if no client running
>  - trigger does its job, whether or not a client is running
>  - %postun returns the file to its previous state
> 
> 
> Anything I missed?
> 
>   Stephan
> 

I think it looks good.
I can't find a test that verifies that the nosuid is set on the cell.  I 
want to verify that it worked, but I'm having a hard time.
Troy

-- 
__________________________________________________
Troy Dawson  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
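
The %triggerin and %postun edits quoted above can be exercised without an AFS client. The script below is an added example, not part of the original thread or the package; the stand-in init script, the function names and the temporary paths are constructed for illustration, and GNU sed is assumed.

```shell
#!/bin/sh
# Added example: the %triggerin / %postun edits from the spec, replayed on a
# constructed stand-in for /etc/init.d/afs. Assumes GNU sed (-i, one-line "i").

make_sample_init() {            # constructed sample, not the real init script
    cat > "$1" <<'EOF'
#!/bin/sh
start() {
    /usr/vice/etc/afsd
    $AFS_POST_INIT
}
EOF
}

trigger_edit() {                # body of %triggerin, file path passed as $1
    grep -q nosuid "$1" && return 0
    sed -i "/AFS_POST_INIT/ifs setcell \`fs wscell |cut -d \\\' -f2\` -nosuid" "$1"
}

postun_edit() {                 # body of %postun, file path passed as $1
    sed -i '/nosuid/d' "$1"
}

nosuid_lines() {                # number of lines mentioning nosuid
    grep -c nosuid "$1"
}

roundtrip_ok() {                # 0 if trigger twice + postun restores the file
    work=$(mktemp -d) || return 1
    make_sample_init "$work/afs"
    cp "$work/afs" "$work/afs.orig"
    trigger_edit "$work/afs"
    trigger_edit "$work/afs"    # second run must be a no-op
    [ "$(nosuid_lines "$work/afs")" -eq 1 ] || { rm -rf "$work"; return 1; }
    # the setcell line must sit directly before the AFS_POST_INIT line
    grep -A1 'fs setcell' "$work/afs" | tail -n 1 | grep -q AFS_POST_INIT \
        || { rm -rf "$work"; return 1; }
    postun_edit "$work/afs"
    cmp -s "$work/afs" "$work/afs.orig"
    rc=$?
    rm -rf "$work"
    return $rc
}

roundtrip_ok && echo "round trip OK" || echo "round trip FAILED"
```

This only checks the file edits. On a machine with a running client, `fs getcellstatus <cell>` reports whether setuid is allowed for that cell.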