Panu Matilainen <[email protected]> wrote on 09/23/2016 07:50:15 AM:
> >> > >> So... to achieve all this and actually behave correct in the face of > >> skipped files - whether due to color, netshared path or other file > >> policies - the IMA plugin should really just do what the selinux plugin > >> does and use fsm_file_prepare hook for its task, which after all is > >> highly similar anyway. > > > > Has the file been written when fsm_file_prepare is called? Otherwise it > > seems better to do it in fsm_file_post. > > Yes, the entire file has been created but not yet moved to its final > destination. That's why it gets two path parameters: "path" for the > actual current filename which has a temporary suffix, and "dest" which > is the actual destination filename. So this is really the best place to > do any metadata work because then the file actually ready when it gets > renamed to its final distination (ie without the suffix). For some mysterious reason dnf now exists in an update when I run in the fsm_file_prepare hook. After that, when telling dnf to install a package, it enumerates all kinds of locks that it unlocks. Do you know what may be the cause for this ? Following these issues, I would like to try to meve it to the fsm_file_post hook. Stefan
_______________________________________________ Rpm-maint mailing list [email protected] http://lists.rpm.org/mailman/listinfo/rpm-maint
