Re: [PATCH] Only invoke RPM on RPM-enabled Linux distributions

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Sven Vermeulen <sven.vermeulen@siphos.be>
To: Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
Subject: Re: [PATCH] Only invoke RPM on RPM-enabled Linux distributions
Date: Thu, 11 Jun 2015 17:22:02 +0200	[thread overview]
Message-ID: <20150611152202.GA13058@siphos.be> (raw)
In-Reply-To: <5576D9CC.3020102@tycho.nsa.gov>

On Tue, Jun 09, 2015 at 08:19:24AM -0400, Stephen Smalley wrote:
> On 06/09/2015 07:26 AM, Sven Vermeulen wrote:
> > In this patch, we use the Python platform module to get the Linux
> > distribution, and only start the RPM-related activities on Linux
> > distributions that use RPM as their native package manager.
> > 
> > Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> 
> Is there a more general way that we could do this without hardcoding
> checks of distribution names?  Maybe we could just test for the
> existence of rpm?

That wouldn't be sufficient.

The rpm binary might be installed for other reasons. The code in sepolicy is
used to query the rpm database and search for specific package names. This
is distribution-specific behavior.

If you rather check on the rpm binary, then additional checks will need to
be added to make sure that the assumptions that the code takes (such as
"selinux-policy" package being available) are valid as well.

Wkr,
        Sven Vermeulen

next prev parent reply	other threads:[~2015-06-11 15:22 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-09 11:26 [PATCH] Only invoke RPM on RPM-enabled Linux distributions Sven Vermeulen
2015-06-09 12:19 ` Stephen Smalley
2015-06-11 15:22   ` Sven Vermeulen [this message]
2015-06-12 12:33     ` Stephen Smalley
2015-06-12 13:00     ` Petr Lautrbach
2015-06-12 12:59 ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150611152202.GA13058@siphos.be \
    --to=sven.vermeulen@siphos.be \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.