[Rpm-maint] FSM hooks for rpm plugin

Reshetova, Elena elena.reshetova at intel.com
Thu Mar 14 13:01:44 UTC 2013 

>Sure, I'm not suggesting delaying everything until I someday get around to 
>fixing it, just that we could try thinking ahead for that model to hopefully 
>avoid having to change the plugin interfaces later. I pushed a bunch of fsm 
>changes yesterday, the two >more interesting ones that we already talked 
>about being:

>1) Reflect the hardlink count in st_nlink so the real files vs hardlinks can 
>be easily detected

>2) Set permissions before committing to the rename to final destination.

>With 2) in place, we might be able to model the hooks in a way that doesn't 
>require changing later. The question (again) just is, what the hooks should 
>actually be.

>I think we'd want those pre- and post-commit hooks in any case: for example a 
>%config versioning system plugin would want to know whether a file is being 
>replaced and if it actually succeeded. The pre-commit hook could of course be 
>used for setting >additional permissions, content checking etc as well, but 
>in the alleged new model of unpack + set permissions on all files first and 
>only then commit, I think one would want to abort the whole thing as early as 
>possible.

>Not that it matters all that much if we really are able to undo the whole 
>thing. So I guess we'll just go with the pre- and post-commit hooks for now 
>to be able to move forward with this. At least no-one can say this hasn't 
>been thoroughly discussed :)

I just went through your yesterday's changes. I think it now slowly falls 
together nicely. I think it is right that we need pre and post fsm hooks 
because even if we were able to unpack everything and successfully set all 
permissions on all files in tmp location, it isn't a guarantee that committing 
the whole thing to the final location would be successful. It is always 
possible that preserving security labels might fail or anything else might 
happen. And when you change a fsm model to new one, we can just add a new hook 
that would be called after each file is unpacked to tpm location: this would 
be primary hook for setting additional metadata on file and good time to scan 
the content of a file, too (so that we can revert the whole thing and delete a 
file if malware  is found in it). The only thing that I can't find so far a 
usage for pre commit hook for future: it would be kind of called on the same 
context (file is unpacked in tpm dir) and the future metadata/content 
screening hook.... One idea can be that for security needs, plugins can 
actually use pre- and post hooks to verify that permissions were preserved 
(and set) correctly and abort if they see some mismatch. But maybe this is too 
paranoid again :)


Best Regards,
Elena.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7220 bytes
Desc: not available
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20130314/8d7fb67c/attachment.p7s>

More information about the Rpm-maint mailing list