On 12/19/2013 06:37 PM, Mimi Zohar wrote:
On Thu, 2013-12-19 at 16:50 +0200, Panu Matilainen wrote:
On 12/19/2013 04:26 PM, Mimi Zohar wrote:
On Thu, 2013-12-19 at 15:28 +0200, Panu Matilainen wrote:
On 12/18/2013 08:55 PM, Mimi Zohar wrote:
Hi Panu,
I'm interested in using the new plugin architecture for adding 'security.ima'
extended attributes. So far, I've cloned the rpm git repo, compiled and
installed it, with plugins enabled. For the time being, I've written a
test plugin. I would have thought that the test plugin would be called,
when installing an rpm, but it doesn't seem to be.
I've added prints to rpmpluginsCallFsmFilePre() and rpmpluginsCallFsmFilePost()
that revealed plugins->count is 0. How do I register the plugin? Do I
need to add something to the spec file? Any help would be much
appreciated!
You need to configure and explicitly enable plugins for them to get
activated. It's a bit of a mess at the moment and the details will
almost certainly change before becoming part of any official release,
but at the moment you basically need two bits of macro configuration
(replace "myplugin" with the name of your plugin):
# Tell rpm where to find myplugin DSO
%__transaction_myplugin %{__plugindir}/myplugin.so
# Enable the plugin (comma-separated list)
%__transaction_plugins myplugin
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Thanks! Is there any particular place in the spec file, that these
statements belong?
These are not spec things, they are rpm system configuration. I.e.
something to put into /usr/lib/rpm/macros.d, /etc/rpm/* or such.
'make install' automatically adds the lines
to /usr/local/lib/rpm/macros.
As the plugin count is still 0, I must be missing something.
#------------------------------------------------------------------------------
# Collection specific macros
%__plugindir %{_libdir}/rpm-plugins
%__collection_font %{__plugindir}/exec.so /usr/bin/fc-cache
%__collection_java %{__plugindir}/exec.so /usr/bin/rebuild-gcj-db
%__collection_sepolicy %{__plugindir}/sepolicy.so
%__collection_sepolicy_flags 1
# Transaction plugin macros
%__transaction_systemd_inhibit %{__plugindir}/systemd_inhibit.so
%__transaction_ima %{__plugindir}/ima.so
%__transaction_selinux %{__plugindir}/selinux.so
%__transaction_syslog %{__plugindir}/syslog.so
That's the first part of the required configuration. As explained in the
earlier mail, to actually *enable* any plugins you need to explicitly
enable by listing them in %__transaction_plugins macro. So to enable the
"ima" plugin you'll need to set this someplace:
%__transaction_plugins ima
"make install" does not enable any plugins, at least currently, partly
because of the issues with manipulating the __transaction_plugins list.
- Panu -
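
The two-part requirement discussed in this thread (a %__transaction_<name> macro pointing at the DSO, plus an entry in %__transaction_plugins) can be checked mechanically. The script below is an added example, not part of the original messages and not rpm's own code; the function names are hypothetical, the sample macro text is constructed from the lines quoted above, and it assumes a later %__transaction_plugins line replaces an earlier one.

```shell
#!/bin/sh
# Constructed sample: the plugin macros quoted in the thread, plus an enable
# list that names one defined plugin (ima) and one with no DSO macro (myplugin).
sample_macros() {
cat <<'EOF'
# Transaction plugin macros
%__transaction_systemd_inhibit %{__plugindir}/systemd_inhibit.so
%__transaction_ima %{__plugindir}/ima.so
%__transaction_selinux %{__plugindir}/selinux.so
%__transaction_syslog %{__plugindir}/syslog.so
%__transaction_plugins ima,myplugin
EOF
}

# audit_plugins [FILE...]: read rpm macro text (files or stdin) and print one
# "<plugin> <status>" line per transaction plugin, sorted by name.
audit_plugins() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    $1 == "%__transaction_plugins" {        # comma-separated enable list
        split("", enabled)                  # assumption: last definition wins
        list = $0
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", list)
        n = split(list, parts, /[, \t]+/)
        for (i = 1; i <= n; i++)
            if (parts[i] != "") enabled[parts[i]] = 1
        next
    }
    $1 ~ /^%__transaction_/ {               # per-plugin DSO path macro
        name = substr($1, length("%__transaction_") + 1)
        dso[name] = $2
    }
    END {
        for (p in dso)
            print p, ((p in enabled) ? "enabled" : "defined-not-enabled")
        for (p in enabled)
            if (!(p in dso)) print p, "enabled-but-undefined"
    }' "$@" | sort
}

# Stand-alone run on the constructed sample.
sample_macros | audit_plugins
```

A plugin reported as "defined-not-enabled" corresponds to the plugins->count of 0 described in the thread. On a live system, rpm --eval '%{__transaction_plugins}' shows the value rpm actually resolves.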