On 09/23/2016 10:30 PM, Panu Matilainen wrote:
On 09/23/2016 07:43 PM, Stefan Berger wrote:
Panu Matilainen <pmati...@laiskiainen.org> wrote on 09/23/2016 07:50:15 AM:

So... to achieve all this and actually behave correctly in the face of
skipped files - whether due to color, netshared path or other file
policies - the IMA plugin should really just do what the selinux plugin
does and use fsm_file_prepare hook for its task, which after all is
highly similar anyway.

Has the file been written when fsm_file_prepare is called? Otherwise it
seems better to do it in fsm_file_post.

Yes, the entire file has been created but not yet moved to its final
destination. That's why it gets two path parameters: "path" for the
actual current filename which has a temporary suffix, and "dest" which
is the actual destination filename. So this is really the best place to
do any metadata work because then the file is actually ready when it gets
renamed to its final destination (i.e. without the suffix).

For some mysterious reason dnf now exits in an update when I run in the
fsm_file_prepare hook. After that, when telling dnf to install a package,
it enumerates all kinds of locks that it unlocks. Do you know what may be
the cause for this?

A bug in the code, causing a crash? Like I said, what I posted is
entirely untested, it was just to point you in the general direction.

My first guess would be NULL fi tripping up one of the rpmfiFoo() calls;
reading through http://rpm.org/wiki/DevelDocs/Plugins reminded me that
fi can be NULL (on unowned directories).

So change the start to e.g.:

        /* Ignore skipped files and unowned directories */
        if (XFA_SKIPPING(action) || fi == NULL)
            goto exit;


Oh and BTW, for your own sanity, when debugging something rpm-related, try to eliminate dnf/yum out of the picture if at all possible. Try installations and upgrades etc. with plain rpm first, and once that works, chances are it works with dnf too.

Most likely dnf ends up doing what looks like an exit on what is actually a segfault because the transaction callback in Python + yum/dnf has multiple layers of crash trapping and whatnot.

        - Panu -

_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
