[Rpm-maint] [PATCH v2 0/4] Fixes for file signatures
Stefan Berger
stefanb at us.ibm.com
Fri Sep 23 16:43:33 UTC 2016
Panu Matilainen <pmatilai at laiskiainen.org> wrote on 09/23/2016 07:50:15
AM:
> >>
> >> So... to achieve all this and actually behave correct in the face of
> >> skipped files - whether due to color, netshared path or other file
> >> policies - the IMA plugin should really just do what the selinux
plugin
> >> does and use fsm_file_prepare hook for its task, which after all is
> >> highly similar anyway.
> >
> > Has the file been written when fsm_file_prepare is called? Otherwise
it
> > seems better to do it in fsm_file_post.
>
> Yes, the entire file has been created but not yet moved to its final
> destination. That's why it gets two path parameters: "path" for the
> actual current filename which has a temporary suffix, and "dest" which
> is the actual destination filename. So this is really the best place to
> do any metadata work because then the file actually ready when it gets
> renamed to its final distination (ie without the suffix).
For some mysterious reason dnf now exists in an update when I run in the
fsm_file_prepare hook. After that, when telling dnf to install a package,
it enumerates all kinds of locks that it unlocks. Do you know what may be
the cause for this ?
Following these issues, I would like to try to meve it to the
fsm_file_post hook.
Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20160923/f06747e8/attachment.html>
More information about the Rpm-maint
mailing list