Hi, Long time again since I replied :( Unfortunately had to resolve a number of other issues and wanted to attach smth already to this mail as opposite to just "reply".
I have started from FSM hooks as you indicated and I am including the initial version of patch for review based on our discussion. I have two hooks: fileOpen and fileClose and call them separately for install and erase. I had to make a number of choices while writing this patch, let's see if they were good ones :) Some details: - I tried to keep the logic of other hooks: if pre_hook is called, post_hook is also called with the result of the operation. However, it is a bit trickier in fsm case. For that purpose, I moved the fileclose hook in installation out of fsmCommit() that we can nicely pass the result to the hook. I also think it looks better from symmetry point of view, but it does now perfom labelling of a file (if it happens inside of a plugin) not exactly at the same place where Selinux currently does it. - I also made it that result from fileclose hook is ignored currently for the same reason as for post_tsm and post_psm hooks: what can rpm do after file has been committed even if plugin is unhappy? -The tricky part is what to do with the result code of fileOpen hook. In principle, this can be the place to abort installation/erasure of a concrete file in case smth really terrible happened (can't even think what can happen). Normally plugins should not abort anything on this hook (as we discussed) and if they do, then smth is wrong in plugin. On the other hand, rpm itself is physically able to abort at that point and even does it in cases for example if smth wrong with the archive unpacking. So, I am not really sure what to do with the return code in this case. - I was also thinking that it is probably not worth making it initially more complicated and adding additional hooks, like for handling the temporal files, because they can't really help fully with the security part: we might succeed setting whatever label on tpm file, but fail a second after on real file, or not succeed setting a label even on tmp file. I guess these hooks can be added on demand or simply later if the strong need comes. Best Regards, Elena.
0001-Adding-FSM-file-hooks.patch
Description: Binary data
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint