>>>>> On Wed, 21 Jun 2006 14:51:55 -0400, Jeff Johnson <[EMAIL PROTECTED]> said:
Jeff> So I'd like to uncouple net-snmp from rpmlib by invoking
Jeff> /bin/rpm -qa --queryformat '%{name} %{version} %{release} %
Jeff> {installtime' when needed (mtime on /var/lib/rpm/Packages
Jeff> changes) instead of the existing quite deadly embrace. The
Jeff> 4-tuple is all that the Host Resources MIB has ever needed.
Ugh.
Jeff> Is this the right list to send the patch?
Well, this is the right place to discuss it. The best place to submit
it is our patches DB where we can't lose it (http://www.net-snmp.org/patches).
Jeff> Should I add a 3rd way for net-snmp to extract information from a
Jeff> rpmdb using /bin/rpm, or just rip out the existing and replace
Jeff> with a rpm-legacy-free helper invocation?
ugh.
Did I say that yet?
Ugh.
You're right that the binding is somewhat painful, but at the same
time it seems architecturally the right thing to do as well. Invoking
a command to spit out text which is then parsed by the demon leads to
an entirely different set of pain. I think it's likely similar to
breaking a leg to use the bones to splint an arm. Now, as to which
I'd rather have broken, that's where the "ugh" comes from.
In all honestly, the binding has worked fairly well up until the point
that you actually want to apply a non-liberal selinux (or any trusted
OS) policy to the snmp demon. The SNMP demon, sadly, needs many more
privileges than you'd like a network daemon to have. But that's
mostly due to the fact that it needs to access and report on so many
system pieces.
I don't think ripping the code out is architecturally right. Using
the APIs, to me, seems like the *right* architecture not the wrong
one. Exec()ing a program to interpret the output seems like a
last-resort hack (I've implemented many such last-resort hacks, by the
way).
In the end, we'd be implementing a different hack to actually hack
*around* security policies.
--
Wes Hardaker
Sparta, Inc.
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
