<p>The primary motivation here is to consolidate all database accesses<br>
on one side of the chroot; currently it happens on both sides of the<br>
border, causing all sorts of issues and limitations (such as preventing<br>
us from using more advanced modes of databases).<br>
As a positive side-effect, the sections where we potentially run<br>
inside chroot are more easily identifiable.</p>
<p>Consolidating on the outside may seem counter-productive: to improve<br>
security it seems you'd want to spend as much time <em>in</em> as possible,<br>
including database accesses. Unfortunately, due to rpm's access patterns<br>
and API promises, that's not really achievable (tried several approaches,<br>
ran into as many dead-ends).</p>
<p>Technically we could localize the chroot placement much further, but<br>
doing so would change the side for transaction callbacks, which could<br>
cause nasty breakage for our API users as various clients use those<br>
callback slots to update their own databases and logs. So the chroot<br>
spots here are selected to cover minimum possible code while preserving<br>
the chroot side of callbacks and plugin slots: RPMCALLBACK_INST_OPEN/CLOSE,<br>
ELEM_PROGRESS and VERIFY_* occur outside the chroot, everything else inside.<br>
Of plugin slots, init/cleanup and tsm_pre/post occur outside, everything<br>
else inside.</p>

<hr>

<h4>You can view, comment on, or merge this pull request online at:</h4>
<p>  <a href='https://github.com/rpm-software-management/rpm/pull/836'>https://github.com/rpm-software-management/rpm/pull/836</a></p>

<h4>Commit Summary</h4>
<ul>
  <li>Localize our chroot in/out operations to minimize time spent inside</li>
</ul>

<h4>File Changes</h4>
<ul>
  <li>
    <strong>M</strong>
    <a href="https://github.com/rpm-software-management/rpm/pull/836/files#diff-0">lib/psm.c</a>
    (66)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/rpm-software-management/rpm/pull/836/files#diff-1">lib/rpmtriggers.c</a>
    (12)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/rpm-software-management/rpm/pull/836/files#diff-2">lib/rpmts.c</a>
    (2)
  </li>
  <li>
    <strong>M</strong>
    <a href="https://github.com/rpm-software-management/rpm/pull/836/files#diff-3">lib/transaction.c</a>
    (5)
  </li>
</ul>

<h4>Patch Links:</h4>
<ul>
  <li><a href='https://github.com/rpm-software-management/rpm/pull/836.patch'>https://github.com/rpm-software-management/rpm/pull/836.patch</a></li>
  <li><a href='https://github.com/rpm-software-management/rpm/pull/836.diff'>https://github.com/rpm-software-management/rpm/pull/836.diff</a></li>
</ul>
