enrico.scholz@xxxxxxxxxxxxxxxxxxxxxxxxx (Enrico Scholz) writes:
> So my proposal for security hooks:
>
> 1. create a macro which allows to specify a dynamic library; e.g.
>
> %_hook_library /usr/lib/util-vserver/rpmhooks.so
>
> This library has an API consisting of
>
> | void * rpmhook_init();
> | int rpmhook_preChroot(void *state, char const *chroot);
> | int rpmhook_preExec(void *state, int argc, char *argv[]);
Ok, SELinux people need more information[1] in the pre-chroot hook, so I
suggest the following change in the API:
| struct rpmhook_ExecInfo {
| unsigned int verified;
| char const * chroot_dir;
| char const * const * argv;
| char ** envp; // non-constness is required for cleanup tasks
| };
|
| int rpmhook_preChroot(void *data, struct rpmhook_ExecInfo const *);
| int rpmhook_preExec(void *data, struct rpmhook_ExecInfo const *);
Enrico
Footnotes:
[1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145770
Attachment:
pgpm9gvankuHc.pgp
Description: PGP signature
_______________________________________________ Rpm-list mailing list Rpm-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/rpm-list
