[Rpm-maint] First attempt for the patch on extending the plugin interface for rpm

Stephen Smalley sds at tycho.nsa.gov
Tue Oct 16 16:51:43 UTC 2012

On Tue, 2012-10-16 at 16:31 +0000, Reshetova, Elena wrote:
> >The script setup hook is fairly obvious too, just forgot to mention it.
> >The one question with that is (again) the argument(s) it receives:
> >currently it's ARGV_t, but does it actually need the entire argv or would just
> >the actual executable path suffice for the setup?
> I am fine with just the path, but looking at the SELinux code, the rpm_execcon()
> func needs the whole argv struct.
> @ Stephen, do you know how mandatory it is for SELinux to have the whole argv
> struct? Is it just because of the rpm_execcon() API or?

It is because presently rpm_execcon() performs the exec call.  If the
exec call is handled by the caller, then we only need the executable
path.  Likewise with envp; we do not need it if the caller performs the
exec.  We would just move the remaining logic to set up the exec context
from libselinux rpm_execcon() into the rpm selinux plugin code; as rpm
is the only user of it, there is no real reason for it to live in
libselinux vs being part of an rpm plugin.

Stephen Smalley
National Security Agency
