[Rpm-maint] [PATCH 1/2] Extending rpm plugin interface, part 1

Panu Matilainen pmatilai at laiskiainen.org
Fri Nov 9 09:04:01 UTC 2012

On 11/08/2012 01:01 PM, Reshetova, Elena wrote:
>> Okay then, done and pushed. Now that I looked closer, I spotted (and
>> fixed) a couple of more "issues": a tiny memleak from early
>> rpmtsSetupTransactionPlugins() return and some further cosmetics (two
>> soft-tabs instead of one hard-tab, trailing whitespace etc), but nothing
>> dramatic.
> Thank you!  I will seriously try to improve my style. I am not using vim for
> code edits, but I think I should probably reconsider it or get some kind of
> editor that shows all symbols explicitly. Pain to read but I get it right at
> the end :)

If you don't otherwise use vim, might be easier to figure out how to
configure your preferred editor to honor the rpm style - since it's
essentially just K&R I'd assume pretty much any coding-oriented editor
can deal with that. Vi(m) is a fairly strange beast initially :)

>> Oh and one other thing I noticed just now that'll need further thought:
>> currently the script setup hook only runs for external scripts, but not the
>> embedded Lua-scripts. Which are getting more and more common...
>> They'll obviously need to be handled quite differently as they run within
>> the rpm process itself, ie fork() + exec() does not occur.
> Yes, I don't currently have a very good idea how this case should be
> handled. The idea of script hook is that it sets the needed security
> context, but we obviously can't do this for lua case unless we want to drop
> the whole rpm security context.
> As a temporal and draconic measure we can compile rpm without lua support to
> close this hole, but it is no-go in the future since it is getting more and
> more usage. I guess this is one of the things that I need to think more
> about.

In case of SELinux, AFAICS a process can change its own context back and
forth, IF permitted by the policy. So at least in theory it should be
possible to switch to a different context while executing a scriptlet
and then switch back to the original context.

Perhaps the script hook should just follow the common pre/post-hook
pattern of the other hooks after all: pre-hook would just replace the
current setup hook, and post-hook would run after the script got
executed. If we add an extra argument to notify the hooks whether it's
an internal or external script (or a more generic "flags" argument to
allow passing more such bits later), the plugin(s) should be able to
figure out what to do about it.

	- Panu -
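
The pre/post hook pair with a flags argument suggested in the message above, as an added illustration that is not part of the original message and is not rpm's code or plugin API. Every name here (SCRIPT_INTERNAL, script_pre_hook, script_post_hook, run_script) and both context labels are hypothetical, and a string buffer stands in for the SELinux context calls.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define SCRIPT_INTERNAL 1   /* hypothetical flag: scriptlet runs in-process (Lua) */
/* Stand-in for the process security context (a real SELinux plugin would use
 * getcon()/setcon()); both labels used below are constructed samples. */
static char cur_ctx[32] = "installer_ctx", saved_ctx[32];
static int have_saved;

/* Pre-hook: enter the scriptlet context, saving the old one if in-process. */
static int script_pre_hook(const char *ctx, int flags) {
    if (flags & SCRIPT_INTERNAL) {
        if (have_saved) return -1;      /* never clobber a saved context */
        snprintf(saved_ctx, sizeof saved_ctx, "%s", cur_ctx);
        have_saved = 1;
    }
    snprintf(cur_ctx, sizeof cur_ctx, "%s", ctx);
    return 0;
}
/* Post-hook: switch back after an in-process scriptlet. */
static int script_post_hook(int flags) {
    if (!(flags & SCRIPT_INTERNAL)) return 0;  /* child's context died with it */
    if (!have_saved) return -1;                /* unbalanced call */
    snprintf(cur_ctx, sizeof cur_ctx, "%s", saved_ctx);
    have_saved = 0;
    return 0;
}
/* Run one scriptlet between the hooks; -1 means a hook or fork() failed. */
static int run_script(const char *ctx, int flags, int (*body)(void)) {
    int rc, status;
    if (flags & SCRIPT_INTERNAL) {
        if (script_pre_hook(ctx, flags) != 0) return -1;
        rc = body();                    /* post-hook still runs if body fails */
    } else {
        pid_t pid = fork();
        if (pid == 0)                   /* child: real code would exec() here */
            _exit(script_pre_hook(ctx, flags) == 0 ? body() : 127);
        if (pid < 0 || waitpid(pid, &status, 0) < 0) return -1;
        rc = WIFEXITED(status) ? WEXITSTATUS(status) : -1;
    }
    return script_post_hook(flags) == 0 ? rc : -1;
}
/* Sample scriptlet body: returns 0 only when run in the scriptlet context. */
static int in_script_ctx(void) { return strcmp(cur_ctx, "scriptlet_ctx") != 0; }

int main(void) {
    int in = run_script("scriptlet_ctx", SCRIPT_INTERNAL, in_script_ctx);
    int ex = run_script("scriptlet_ctx", 0, in_script_ctx);
    return printf("internal=%d external=%d now=%s\n", in, ex, cur_ctx) < 0;
}
```

A failed post-hook is reported as an error rather than ignored, since it would leave the calling process in the scriptlet's context.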
