Menu
▾
▴
Re: [Ltsp-developer] Serious flaw in virtual-ltsp scripts
|
From: Dashamir H. <das...@gm...> - 2018-10-06 08:40:42
|
On Sat, Oct 6, 2018 at 8:09 AM Alkis Georgopoulos <al...@gm...> wrote: > `man lts.conf` and read about RM_SYSTEM_SERVICES there. > The services that are disabled by default on fat clients are listed in: > /usr/share/ltsp/init-ltsp.d/50-rm-system-services > > I.e. you just need a line in your lts.conf to prevent all the additional > services that you installed from running on thin/fat clients. > Thanks Alkis, this should solve the problem. By the way, `man lts.conf` gives a "No manual entry for lts.conf" error. I am referring to this page, which may be a bit outdated but should still be ok: http://manpages.ubuntu.com/manpages/xenial/man5/lts.conf.5.html However, I think that this is not a very "clean" solution, since all the extra files installed by the extra packages will still go to the client image. If there was some option like RM_PACKAGES which automatically removes all the files of the listed packages, this could be better. But it still does not solve the problem of the software that is compiled and installed manually. By looking at the code of `/usr/share/ltsp/ltsp-cleanup` I get the impression that any scripts listed on `/etc/ltsp/cleanup.d` will be called automatically, besides the scripts on `/usr/share/ltsp/cleanup.d`, if the option `--cleanup` is used. If this is true, then I can create for example a script like `/etc/ltsp/cleanup.d/50-guacamole` which removes from the client everything installed by `guacamole.sh` (including apache, tomcat, mysql, etc.) If this works, it would be a cleaner solution. I have to try it. By the way, I haven't seen this documented somewhere (or maybe I have missed it, since I don't know all the documentation details). Another possible solution, which would be "clean" in my opinion, is to create a chroot directory by taking a snapshot/copy of the root ("/") directory. Then it can be managed as a chroot client image (chroot to it, install new packages and software, etc.) Then whatever is installed on the server after the creation of the chroot directory does affect the content of the client image. Do you think this is a good solution? Can it be achieved with the tools that are already available, or it needs some improvements? Regards, Dashamir |
