[Rpm-maint] FSM hooks for rpm plugin

Reshetova, Elena elena.reshetova at intel.com
Wed Mar 6 11:14:29 UTC 2013


Hi,

I am attaching the fast write-up of a metadata hook. While it is dead simple, 
there are actually two things that made me think:

- Should it be called before or after setting the standard metadata, such as
owner, caps, etc.?
 I chose to do it before because I don't think that there is a need for a
plugin to mess with standard metadata that can be transferred by rpm itself,
but this is arguable. One might think that in some cases a security plugin
wants to enforce a stricter policy, for example on file capabilities
(example: a package might not be trusted enough to get CAP_MAC_ADMIN), but
then it turns out that the plugin and rpm are setting two different things...
So, it might be better to reject installation of such a package then, instead
of installing it without the right cap.

- For the hook arguments, I think it is worth giving the whole stat struct to
the plugin as we discussed, and I decided to keep action, too. Especially when
we add this hook on removal, it would be very useful.
I don't think any other arguments are needed (at least not for SELinux and
msm), but maybe I missed something.

Best Regards,
Elena.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-New-FSM-plugin-hook-PLUGINHOOK_FSM_FILE_METADATA_FUN.patch
Type: application/octet-stream
Size: 3945 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20130306/d257f3df/attachment-0001.obj>