On Tue, 2012-10-16 at 16:31 +0000, Reshetova, Elena wrote: > >The script setup hook is fairly obvious too, just forgot to mention it. > >The one question with that is (again) the argument(s) it receives: > >currently its ARGV_t, but does it actually need the entire argv or would just > >the actual executable path suffice for the setup? > > I am fine with just the path, but looking to SELinux code, the rpm_execcon() > func needs the whole argv struct. > > @ Stephen, do you know how mandatory for SELinux is to have the whole argv > struct? Is it just because of rpm_execcon() API or? It is because presently rpm_execcon() performs the exec call. If the exec call is handled by the caller, then we only need the executable path. Likewise with envp; we do not need it if the caller performs the exec. We would just move the remaining logic to set up the exec context from libselinux rpm_execcon() into the rpm selinux plugin code; as rpm is the only user of it, there is no real reason for it to live in libselinux vs being part of an rpm plugin. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
