[PATCH RFC] Package script(let)s SELinux execution context

[PATCH RFC] Package script(let)s SELinux execution context

[Guillem Jover]

Hi!

Some context for the rpm folks. While looking into improving SELinux
support in dpkg, I noticed that dpkg is not setting a new execution
context when running the package maintainer scripts (package scriptlets
in rpm lingo, I think). And when checking how to implement it, it seemed
that reusing something like the current rpm_execcon() would be best,
and Stephen seemed to agree. For more details, see the thread starting
at <http://marc.info/?t=135236358700001&r=1&w=2>.

Having checked the rpm code, and the mailing list, it seems like this
new function would make it easy to be used there too for stuff like
the Lua scriptlets (if desired), and might make it easier also to
switch to the new rpm plugins framework (?).

I've discarded the verified argument for the new function because that
seemed best handled from the rpm side, and in any case seemed unrelated
to the execution context. I'm not entirely convinced about the function
name though, as it could be confused as applying a context to a path on
the filesystem. And I've not marked rpm_execcon() as deprecated because
it might be annoying at the beginning, but would change that if you think
it makes sense.

In any case, here's a patch adding such new function. For dpkg, given
that it has never set a new context up to now, I'd only make use of the
function if it's available in libselinux, as I don't think it's worth it
to ship an embedded copy. For rpm, I guess it could switch to use the
function also if available and fallback to rpm_execcon() otherwise. After
a while the rpm_execcon() function could be removed from libselinux, on
the next ABI break, as I understand was the plan anyway (?).

(The patch might not apply w/o the man page cleanup series.)

So, what do you think?

Thanks,
Guillem

Guillem Jover (1):
  libselinux: Refactor rpm_execcon into a new setexecfilecon()

 libselinux/Makefile                        |  3 +++
 libselinux/include/selinux/selinux.h       |  4 ++++
 libselinux/man/man3/getexeccon.3           | 23 ++++++++++++++++++++---
 libselinux/src/Makefile                    |  3 ---
 libselinux/src/{rpm.c => setexecfilecon.c} | 27 ++++++++++++++++++++-------
 5 files changed, 47 insertions(+), 13 deletions(-)
 rename libselinux/src/{rpm.c => setexecfilecon.c} (71%)

-- 
1.8.0


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

[PATCH] libselinux: Refactor rpm_execcon() into a new setexecfilecon()

[Guillem Jover]

This new function allows a process to invoke helper programs with
a new execution context based on the filename, this is initially
intended for package managers so that they can easily execute
package scriptlets or maintainer scripts.

Base rpm_execcon() off this new function.

Signed-off-by: Guillem Jover <guillem@debian.org>
---
 libselinux/Makefile                        |  3 +++
 libselinux/include/selinux/selinux.h       |  4 ++++
 libselinux/man/man3/getexeccon.3           | 23 ++++++++++++++++++++---
 libselinux/src/Makefile                    |  3 ---
 libselinux/src/{rpm.c => setexecfilecon.c} | 27 ++++++++++++++++++++-------
 5 files changed, 47 insertions(+), 13 deletions(-)
 rename libselinux/src/{rpm.c => setexecfilecon.c} (71%)

diff --git a/libselinux/Makefile b/libselinux/Makefile
index fd4f0b1..6142b60 100644
--- a/libselinux/Makefile
+++ b/libselinux/Makefile
@@ -16,6 +16,9 @@ endif
 ifeq ($(DISABLE_BOOL),y)
 	EMFLAGS+= -DDISABLE_BOOL
 endif
+ifeq ($(DISABLE_RPM),y)
+	EMFLAGS+= -DDISABLE_RPM
+endif
 ifeq ($(DISABLE_SETRANS),y)
 	EMFLAGS+= -DDISABLE_SETRANS
 endif
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 6b9089d..e1e965d 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -565,6 +565,10 @@ int selinuxfs_exists(void);
 /* clear selinuxmnt variable and free allocated memory */
 void fini_selinuxmnt(void);
 
+/* Set an appropriate security context based on the filename of a helper
+ * program, falling back to a new context with the specified type. */
+extern int setexecfilecon(const char *filename, const char *fallback_type);
+
 /* Execute a helper for rpm in an appropriate security context. */
 extern int rpm_execcon(unsigned int verified,
 		       const char *filename,
diff --git a/libselinux/man/man3/getexeccon.3 b/libselinux/man/man3/getexeccon.3
index c188a3a..1b66ab6 100644
--- a/libselinux/man/man3/getexeccon.3
+++ b/libselinux/man/man3/getexeccon.3
@@ -15,6 +15,8 @@ rpm_execcon \- run a helper for rpm in an appropriate security context
 .sp
 .BI "int setexeccon_raw(security_context_t "context );
 .sp
+.BI "int setexecfilecon(const char *" filename ", const char *" fallback_type );
+.sp
 .BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
 .
 .SH "DESCRIPTION"
@@ -62,7 +64,21 @@ Signal handlers that perform an
 must take care to
 save, reset, and restore the exec context to avoid unexpected behavior.
 
+.BR setexecfilecon ()
+sets the context used for the next
+.BR execve (2)
+call, based on the policy for the
+.IR filename ,
+and falling back to a new context with a
+.I fallback_type
+in case there is no transition.
+
 .BR rpm_execcon ()
+is deprecated; please use
+.BR setexecfilecon ()
+in conjunction with
+.BR execve (2)
+in all new code. This function
 runs a helper for rpm in an appropriate security context.  The
 verified parameter should contain the return code from the signature
 verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 ==
@@ -76,10 +92,11 @@ environment arrays.
 On error \-1 is returned.
 
 On success
-.BR getexeccon ()
-and
+.BR getexeccon (),
 .BR setexeccon ()
-returns 0.
+and
+.BR setexecfilecon ()
+return 0.
 .BR rpm_execcon ()
 only returns upon errors, as it calls
 .BR execve (2).
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index ac019df..a7e5311 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -47,9 +47,6 @@ endif
 ifeq ($(DISABLE_BOOL),y)
 	UNUSED_SRCS+=booleans.c
 endif
-ifeq ($(DISABLE_RPM),y)
-	UNUSED_SRCS+=rpm.c
-endif
 
 GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
 SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c, $(wildcard *.c))
diff --git a/libselinux/src/rpm.c b/libselinux/src/setexecfilecon.c
similarity index 71%
rename from libselinux/src/rpm.c
rename to libselinux/src/setexecfilecon.c
index b89f1bb..b3afa13 100644
--- a/libselinux/src/rpm.c
+++ b/libselinux/src/setexecfilecon.c
@@ -5,15 +5,14 @@
 #include "selinux_internal.h"
 #include "context_internal.h"
 
-int rpm_execcon(unsigned int verified __attribute__ ((unused)),
-		const char *filename, char *const argv[], char *const envp[])
+int setexecfilecon(const char *filename, const char *fallback_type)
 {
 	security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
 	context_t con = NULL;
 	int rc = 0;
 
 	if (is_selinux_enabled() < 1)
-		return execve(filename, argv, envp);
+		return 0;
 
 	rc = getcon(&mycon);
 	if (rc < 0)
@@ -28,12 +27,12 @@ int rpm_execcon(unsigned int verified __attribute__ ((unused)),
 		goto out;
 
 	if (!strcmp(mycon, newcon)) {
-		/* No default transition, use rpm_script_t for now. */
+		/* No default transition, use fallback_type for now. */
 		rc = -1;
 		con = context_new(mycon);
 		if (!con)
 			goto out;
-		if (context_type_set(con, "rpm_script_t"))
+		if (context_type_set(con, fallback_type))
 			goto out;
 		freecon(newcon);
 		newcon = strdup(context_str(con));
@@ -47,8 +46,8 @@ int rpm_execcon(unsigned int verified __attribute__ ((unused)),
 		goto out;
       out:
 
-	if (rc >= 0 || security_getenforce() < 1)
-		rc = execve(filename, argv, envp);
+	if (rc < 0 && security_getenforce() == 0)
+		rc = 0;
 
 	context_free(con);
 	freecon(newcon);
@@ -56,3 +55,17 @@ int rpm_execcon(unsigned int verified __attribute__ ((unused)),
 	freecon(mycon);
 	return rc < 0 ? rc : 0;
 }
+
+#ifndef DISABLE_RPM
+int rpm_execcon(unsigned int verified __attribute__ ((unused)),
+		const char *filename, char *const argv[], char *const envp[])
+{
+	int rc;
+
+	rc = setexecfilecon(filename, "rpm_script_t");
+	if (rc < 0)
+		return rc;
+
+	return execve(filename, argv, envp);
+}
+#endif
-- 
1.8.0


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH] libselinux: Refactor rpm_execcon() into a new setexecfilecon()

[Laurent Bigonville]

Hi,

I guess this patch got lost somewhere, is there still any plan to merge
it?

Cheers,

Laurent Bigonville

Le Tue, 20 Nov 2012 16:27:55 +0100,
Guillem Jover <guillem@debian.org> a écrit :

> This new function allows a process to invoke helper programs with
> a new execution context based on the filename, this is initially
> intended for package managers so that they can easily execute
> package scriptlets or maintainer scripts.
> 
> Base rpm_execcon() off this new function.
> 
> Signed-off-by: Guillem Jover <guillem@debian.org>
> ---
>  libselinux/Makefile                        |  3 +++
>  libselinux/include/selinux/selinux.h       |  4 ++++
>  libselinux/man/man3/getexeccon.3           | 23
> ++++++++++++++++++++--- libselinux/src/Makefile                    |
> 3 --- libselinux/src/{rpm.c => setexecfilecon.c} | 27
> ++++++++++++++++++++------- 5 files changed, 47 insertions(+), 13
> deletions(-) rename libselinux/src/{rpm.c => setexecfilecon.c} (71%)
> 
> diff --git a/libselinux/Makefile b/libselinux/Makefile
> index fd4f0b1..6142b60 100644
> --- a/libselinux/Makefile
> +++ b/libselinux/Makefile
> @@ -16,6 +16,9 @@ endif
>  ifeq ($(DISABLE_BOOL),y)
>  	EMFLAGS+= -DDISABLE_BOOL
>  endif
> +ifeq ($(DISABLE_RPM),y)
> +	EMFLAGS+= -DDISABLE_RPM
> +endif
>  ifeq ($(DISABLE_SETRANS),y)
>  	EMFLAGS+= -DDISABLE_SETRANS
>  endif
> diff --git a/libselinux/include/selinux/selinux.h
> b/libselinux/include/selinux/selinux.h index 6b9089d..e1e965d 100644
> --- a/libselinux/include/selinux/selinux.h
> +++ b/libselinux/include/selinux/selinux.h
> @@ -565,6 +565,10 @@ int selinuxfs_exists(void);
>  /* clear selinuxmnt variable and free allocated memory */
>  void fini_selinuxmnt(void);
>  
> +/* Set an appropriate security context based on the filename of a
> helper
> + * program, falling back to a new context with the specified type. */
> +extern int setexecfilecon(const char *filename, const char
> *fallback_type); +
>  /* Execute a helper for rpm in an appropriate security context. */
>  extern int rpm_execcon(unsigned int verified,
>  		       const char *filename,
> diff --git a/libselinux/man/man3/getexeccon.3
> b/libselinux/man/man3/getexeccon.3 index c188a3a..1b66ab6 100644
> --- a/libselinux/man/man3/getexeccon.3
> +++ b/libselinux/man/man3/getexeccon.3
> @@ -15,6 +15,8 @@ rpm_execcon \- run a helper for rpm in an
> appropriate security context .sp
>  .BI "int setexeccon_raw(security_context_t "context );
>  .sp
> +.BI "int setexecfilecon(const char *" filename ", const char *"
> fallback_type ); +.sp
>  .BI "int rpm_execcon(unsigned int " verified ", const char *"
> filename ", char *const " argv "[] , char *const " envp "[]); .
>  .SH "DESCRIPTION"
> @@ -62,7 +64,21 @@ Signal handlers that perform an
>  must take care to
>  save, reset, and restore the exec context to avoid unexpected
> behavior. 
> +.BR setexecfilecon ()
> +sets the context used for the next
> +.BR execve (2)
> +call, based on the policy for the
> +.IR filename ,
> +and falling back to a new context with a
> +.I fallback_type
> +in case there is no transition.
> +
>  .BR rpm_execcon ()
> +is deprecated; please use
> +.BR setexecfilecon ()
> +in conjunction with
> +.BR execve (2)
> +in all new code. This function
>  runs a helper for rpm in an appropriate security context.  The
>  verified parameter should contain the return code from the signature
>  verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 ==
> @@ -76,10 +92,11 @@ environment arrays.
>  On error \-1 is returned.
>  
>  On success
> -.BR getexeccon ()
> -and
> +.BR getexeccon (),
>  .BR setexeccon ()
> -returns 0.
> +and
> +.BR setexecfilecon ()
> +return 0.
>  .BR rpm_execcon ()
>  only returns upon errors, as it calls
>  .BR execve (2).
> diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
> index ac019df..a7e5311 100644
> --- a/libselinux/src/Makefile
> +++ b/libselinux/src/Makefile
> @@ -47,9 +47,6 @@ endif
>  ifeq ($(DISABLE_BOOL),y)
>  	UNUSED_SRCS+=booleans.c
>  endif
> -ifeq ($(DISABLE_RPM),y)
> -	UNUSED_SRCS+=rpm.c
> -endif
>  
>  GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
>  SRCS= $(filter-out $(UNUSED_SRCS) $(GENERATED) audit2why.c,
> $(wildcard *.c)) diff --git a/libselinux/src/rpm.c
> b/libselinux/src/setexecfilecon.c similarity index 71%
> rename from libselinux/src/rpm.c
> rename to libselinux/src/setexecfilecon.c
> index b89f1bb..b3afa13 100644
> --- a/libselinux/src/rpm.c
> +++ b/libselinux/src/setexecfilecon.c
> @@ -5,15 +5,14 @@
>  #include "selinux_internal.h"
>  #include "context_internal.h"
>  
> -int rpm_execcon(unsigned int verified __attribute__ ((unused)),
> -		const char *filename, char *const argv[], char
> *const envp[]) +int setexecfilecon(const char *filename, const char
> *fallback_type) {
>  	security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
>  	context_t con = NULL;
>  	int rc = 0;
>  
>  	if (is_selinux_enabled() < 1)
> -		return execve(filename, argv, envp);
> +		return 0;
>  
>  	rc = getcon(&mycon);
>  	if (rc < 0)
> @@ -28,12 +27,12 @@ int rpm_execcon(unsigned int verified
> __attribute__ ((unused)), goto out;
>  
>  	if (!strcmp(mycon, newcon)) {
> -		/* No default transition, use rpm_script_t for now.
> */
> +		/* No default transition, use fallback_type for now.
> */ rc = -1;
>  		con = context_new(mycon);
>  		if (!con)
>  			goto out;
> -		if (context_type_set(con, "rpm_script_t"))
> +		if (context_type_set(con, fallback_type))
>  			goto out;
>  		freecon(newcon);
>  		newcon = strdup(context_str(con));
> @@ -47,8 +46,8 @@ int rpm_execcon(unsigned int verified __attribute__
> ((unused)), goto out;
>        out:
>  
> -	if (rc >= 0 || security_getenforce() < 1)
> -		rc = execve(filename, argv, envp);
> +	if (rc < 0 && security_getenforce() == 0)
> +		rc = 0;
>  
>  	context_free(con);
>  	freecon(newcon);
> @@ -56,3 +55,17 @@ int rpm_execcon(unsigned int verified
> __attribute__ ((unused)), freecon(mycon);
>  	return rc < 0 ? rc : 0;
>  }
> +
> +#ifndef DISABLE_RPM
> +int rpm_execcon(unsigned int verified __attribute__ ((unused)),
> +		const char *filename, char *const argv[], char
> *const envp[]) +{
> +	int rc;
> +
> +	rc = setexecfilecon(filename, "rpm_script_t");
> +	if (rc < 0)
> +		return rc;
> +
> +	return execve(filename, argv, envp);
> +}
> +#endif

Re: [PATCH] libselinux: Refactor rpm_execcon() into a new setexecfilecon()

[Stephen Smalley]

On 01/05/2014 05:01 PM, Laurent Bigonville wrote:
> Hi,
> 
> I guess this patch got lost somewhere, is there still any plan to merge
> it?

Applied on #next.

Re: [PATCH RFC] Package script(let)s SELinux execution context

[Eric Paris]

Anyone have any comments?  I don't see a problem if such a function
would make your life better...

On Tue, Nov 20, 2012 at 10:27 AM, Guillem Jover <guillem@debian.org> wrote:
> Hi!
>
> Some context for the rpm folks. While looking into improving SELinux
> support in dpkg, I noticed that dpkg is not setting a new execution
> context when running the package maintainer scripts (package scriptlets
> in rpm lingo, I think). And when checking how to implement it, it seemed
> that reusing something like the current rpm_execcon() would be best,
> and Stephen seemed to agree. For more details, see the thread starting
> at <http://marc.info/?t=135236358700001&r=1&w=2>.
>
> Having checked the rpm code, and the mailing list, it seems like this
> new function would make it easy to be used there too for stuff like
> the Lua scriptlets (if desired), and might make it easier also to
> switch to the new rpm plugins framework (?).
>
> I've discarded the verified argument for the new function because that
> seemed best handled from the rpm side, and in any case seemed unrelated
> to the execution context. I'm not entirely convinced about the function
> name though, as it could be confused as applying a context to a path on
> the filesystem. And I've not marked rpm_execcon() as deprecated because
> it might be annoying at the beginning, but would change that if you think
> it makes sense.
>
> In any case, here's a patch adding such new function. For dpkg, given
> that it has never set a new context up to now, I'd only make use of the
> function if it's available in libselinux, as I don't think it's worth it
> to ship an embedded copy. For rpm, I guess it could switch to use the
> function also if available and fallback to rpm_execcon() otherwise. After
> a while the rpm_execcon() function could be removed from libselinux, on
> the next ABI break, as I understand was the plan anyway (?).
>
> (The patch might not apply w/o the man page cleanup series.)
>
> So, what do you think?
>
> Thanks,
> Guillem
>
> Guillem Jover (1):
>   libselinux: Refactor rpm_execcon into a new setexecfilecon()
>
>  libselinux/Makefile                        |  3 +++
>  libselinux/include/selinux/selinux.h       |  4 ++++
>  libselinux/man/man3/getexeccon.3           | 23 ++++++++++++++++++++---
>  libselinux/src/Makefile                    |  3 ---
>  libselinux/src/{rpm.c => setexecfilecon.c} | 27 ++++++++++++++++++++-------
>  5 files changed, 47 insertions(+), 13 deletions(-)
>  rename libselinux/src/{rpm.c => setexecfilecon.c} (71%)
>
> --
> 1.8.0
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [Rpm-maint] [PATCH RFC] Package script(let)s SELinux execution context

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/03/2012 12:15 PM, Eric Paris wrote:
> Anyone have any comments?  I don't see a problem if such a function would
> make your life better...
> 
I have no problem with it.
> On Tue, Nov 20, 2012 at 10:27 AM, Guillem Jover <guillem@debian.org>
> wrote:
>> Hi!
>> 
>> Some context for the rpm folks. While looking into improving SELinux 
>> support in dpkg, I noticed that dpkg is not setting a new execution 
>> context when running the package maintainer scripts (package scriptlets 
>> in rpm lingo, I think). And when checking how to implement it, it seemed 
>> that reusing something like the current rpm_execcon() would be best, and
>> Stephen seemed to agree. For more details, see the thread starting at
>> <http://marc.info/?t=135236358700001&r=1&w=2>.
>> 
>> Having checked the rpm code, and the mailing list, it seems like this new
>> function would make it easy to be used there too for stuff like the Lua
>> scriptlets (if desired), and might make it easier also to switch to the
>> new rpm plugins framework (?).
>> 
>> I've discarded the verified argument for the new function because that 
>> seemed best handled from the rpm side, and in any case seemed unrelated 
>> to the execution context. I'm not entirely convinced about the function 
>> name though, as it could be confused as applying a context to a path on 
>> the filesystem. And I've not marked rpm_execcon() as deprecated because 
>> it might be annoying at the beginning, but would change that if you
>> think it makes sense.
>> 
>> In any case, here's a patch adding such new function. For dpkg, given 
>> that it has never set a new context up to now, I'd only make use of the 
>> function if it's available in libselinux, as I don't think it's worth it 
>> to ship an embedded copy. For rpm, I guess it could switch to use the 
>> function also if available and fallback to rpm_execcon() otherwise.
>> After a while the rpm_execcon() function could be removed from
>> libselinux, on the next ABI break, as I understand was the plan anyway
>> (?).
>> 
>> (The patch might not apply w/o the man page cleanup series.)
>> 
>> So, what do you think?
>> 
>> Thanks, Guillem
>> 
>> Guillem Jover (1): libselinux: Refactor rpm_execcon into a new
>> setexecfilecon()
>> 
>> libselinux/Makefile                        |  3 +++ 
>> libselinux/include/selinux/selinux.h       |  4 ++++ 
>> libselinux/man/man3/getexeccon.3           | 23 ++++++++++++++++++++--- 
>> libselinux/src/Makefile                    |  3 --- libselinux/src/{rpm.c
>> => setexecfilecon.c} | 27 ++++++++++++++++++++------- 5 files changed, 47
>> insertions(+), 13 deletions(-) rename libselinux/src/{rpm.c =>
>> setexecfilecon.c} (71%)
>> 
>> -- 1.8.0
>> 
>> 
>> -- This message was distributed to subscribers of the selinux mailing
>> list. If you no longer wish to subscribe, send mail to
>> majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without
>> quotes as the message.
> _______________________________________________ Rpm-maint mailing list 
> Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlDQxusACgkQrlYvE4MpobO84QCgkrExxyhcACGfA+G6xSD4xWgK
zOEAoOtbDyO38jL9Rw6S+4S1hT416gMe
=lbln
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [PATCH RFC] Package script(let)s SELinux execution context

[Guillem Jover]

Hi!

On Mon, 2012-12-03 at 12:15:23 -0500, Eric Paris wrote:
> On Tue, Nov 20, 2012 at 10:27 AM, Guillem Jover <guillem@debian.org> wrote:
> > Some context for the rpm folks. While looking into improving SELinux
> > support in dpkg, I noticed that dpkg is not setting a new execution
> > context when running the package maintainer scripts (package scriptlets
> > in rpm lingo, I think). And when checking how to implement it, it seemed
> > that reusing something like the current rpm_execcon() would be best,
> > and Stephen seemed to agree. For more details, see the thread starting
> > at <http://marc.info/?t=135236358700001&r=1&w=2>.
> >
> > Having checked the rpm code, and the mailing list, it seems like this
> > new function would make it easy to be used there too for stuff like
> > the Lua scriptlets (if desired), and might make it easier also to
> > switch to the new rpm plugins framework (?).
> >
> > I've discarded the verified argument for the new function because that
> > seemed best handled from the rpm side, and in any case seemed unrelated
> > to the execution context. I'm not entirely convinced about the function
> > name though, as it could be confused as applying a context to a path on
> > the filesystem. And I've not marked rpm_execcon() as deprecated because
> > it might be annoying at the beginning, but would change that if you think
> > it makes sense.
> >
> > In any case, here's a patch adding such new function. For dpkg, given
> > that it has never set a new context up to now, I'd only make use of the
> > function if it's available in libselinux, as I don't think it's worth it
> > to ship an embedded copy. For rpm, I guess it could switch to use the
> > function also if available and fallback to rpm_execcon() otherwise. After
> > a while the rpm_execcon() function could be removed from libselinux, on
> > the next ABI break, as I understand was the plan anyway (?).
> >
> > (The patch might not apply w/o the man page cleanup series.)
> >
> > So, what do you think?

> Anyone have any comments?  I don't see a problem if such a function
> would make your life better...

Any further thoughts on this? rpm and dpkg now carry an almost
identical implementation of the proposed function:

  <http://rpm.org/gitweb?p=rpm.git;a=blob;f=plugins/selinux.c;hb=HEAD#l90>
  <http://anonscm.debian.org/gitweb/?p=dpkg/dpkg.git;a=blob;f=src/script.c;hb=HEAD#l146>

Thanks,
Guillem

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.