[Rpm-maint] FSM hooks for rpm plugin

Reshetova, Elena elena.reshetova at intel.com
Tue Jan 22 14:36:11 UTC 2013


Hi,

Long time again since I replied :( Unfortunately had to resolve a number of
other issues and wanted to attach smth already to this mail as opposite to
just "reply".

I have started from FSM hooks as you indicated and I am including the
initial version of patch for review based on our discussion. 

I have two hooks: fileOpen and fileClose and call them separately for
install and erase. I had to make a number of choices while writing this
patch, let's see if they were good ones :)
Some details: 

- I tried to keep the logic of other hooks: if pre_hook is called, post_hook
is also called with the result of the operation. However, it is a bit
trickier in fsm case. For that purpose, I moved the fileclose hook in
installation out of fsmCommit() that we can nicely pass the result to the
hook. 
  I also think it looks better from symmetry point of view, but it does now
perfom labelling of a file (if it happens inside of a plugin) not exactly at
the same place where Selinux currently does it. 

- I also made it that result from fileclose hook is ignored currently for
the same reason as for post_tsm and post_psm hooks: what can rpm do after
file has been committed even if plugin is unhappy?

-The tricky part is what to do with the result code of fileOpen hook. In
principle, this can be the place to abort installation/erasure of a concrete
file in case smth really terrible happened (can't even think what can
happen). Normally plugins should not abort anything on this hook (as we
discussed) and if they do, then smth is wrong in plugin.  On the other hand,
rpm itself is physically able to abort at that point and even does it in
cases for example if smth wrong with the archive unpacking. So, I am not
really sure what to do with the return code in this case.

- I was also thinking that it is probably not worth making it initially more
complicated and adding additional hooks, like for handling the temporal
files, because they can't really help fully with the security part: we might
succeed setting whatever label on tpm file, but fail a second after on real
file, or not succeed setting a label even on tmp file. I guess these hooks
can be added on demand or simply later if the strong need comes. 
 
Best Regards,
Elena.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Adding-FSM-file-hooks.patch
Type: application/octet-stream
Size: 9400 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20130122/ebf455d7/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7220 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20130122/ebf455d7/attachment.p7s>


More information about the Rpm-maint mailing list