[Rpm-maint] Script hooks patch
Panu Matilainen
pmatilai at laiskiainen.org
Fri Nov 23 07:04:14 UTC 2012
On 11/23/2012 07:32 AM, Reshetova, Elena wrote:
> Hi,
>
>
>
> Please ignore the previous path: I should have just went to sleep yesterday
Heh, I know the feeling :)
>
> Somehow it got locked in my head that case when execv might fail is a
> special case (which of course it is, but not for this) and we need to call
> the hook there also to indicate this. Complete nonsense when you look at it
> with fresh head.
>
> The corrected patch attached!
I see a couple of further problems with this:
- runLuaScript() will leak memory and a file descriptor if
rpmpluginsCallScriptPre() fails.
- For external scripts the hooks run on different sides of the fork():
pre-hook runs in the forked child, post-hook in the parent, so parent
will be unaware of anything occurring in the pre-hook.
I'd prefer the hooks called from rpmScriptRun() already so there would
be exactly one place where to deal with them, but whether that would
actually work is a different question entirely...
External scripts have a lengthy setup sequence in the child between the
fork() and exec(), including a call to rpmExpand() on
%_install_script_path. Which should not, but technically could, have a
shell-invocation in it, which would cause a fork() + exec() of its own
which would cause (at least in case of SELinux) the exec context setup
to go to wrong address. It should be possible to move the rpmExpand()
into parent and just pass the path as an argument to doScriptExec()
though but just goes to show how the kind of minefield this is.
Internal scripts present different problems: as it is now, there's not
much difference between calling hooks from runLuaScript() and
rpmScriptRun(), but if we assume they'll get forked in the future, any
security context switch would have to happen after the fork. Which
inevitably causes the same asymmetry with pre- and post-hooks as there
is now with external scripts.
One way to address it would be having an "unpaired" post-fork (or
pre-exec if you like) hook that explicitly runs in the child process,
which basically is what we have now in the script setup hook. Which then
begs the question: what exactly are the new script pre- and post-hooks
supposed to be used for? Ok, I can imagine eg logging plugin wanting to
do something in both of those, but...
- Panu -
More information about the Rpm-maint
mailing list