From: Petr Lautrbach <plautrba@redhat.com>
To: Sven Vermeulen <sven.vermeulen@siphos.be>,
Stephen Smalley <sds@tycho.nsa.gov>
Cc: selinux@tycho.nsa.gov
Subject: Re: [PATCH] Only invoke RPM on RPM-enabled Linux distributions
Date: Fri, 12 Jun 2015 15:00:09 +0200 [thread overview]
Message-ID: <557AD7D9.8090400@redhat.com> (raw)
In-Reply-To: <20150611152202.GA13058@siphos.be>
[-- Attachment #1: Type: text/plain, Size: 1320 bytes --]
Dne 11.6.2015 v 17:22 Sven Vermeulen napsal(a):
> On Tue, Jun 09, 2015 at 08:19:24AM -0400, Stephen Smalley wrote:
>> On 06/09/2015 07:26 AM, Sven Vermeulen wrote:
>>> In this patch, we use the Python platform module to get the Linux
>>> distribution, and only start the RPM-related activities on Linux
>>> distributions that use RPM as their native package manager.
>>>
>>> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
>>
>> Is there a more general way that we could do this without hardcoding
>> checks of distribution names? Maybe we could just test for the
>> existence of rpm?
>
> That wouldn't be sufficient.
>
> The rpm binary might be installed for other reasons. The code in sepolicy is
> used to query the rpm database and search for specific package names. This
> is distribution-specific behavior.
>
> If you rather check on the rpm binary, then additional checks will need to
> be added to make sure that the assumptions that the code takes (such as
> "selinux-policy" package being available) are valid as well.
It might be useful to amend the code to check a return value of
get_rpm_nvr_list(). If it's None, you can assume that rpm is not
installed since rpmlib is probably unusable or there's no valid rpm
database entries.
Petr
--
Petr Lautrbach
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-06-12 13:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-09 11:26 [PATCH] Only invoke RPM on RPM-enabled Linux distributions Sven Vermeulen
2015-06-09 12:19 ` Stephen Smalley
2015-06-11 15:22 ` Sven Vermeulen
2015-06-12 12:33 ` Stephen Smalley
2015-06-12 13:00 ` Petr Lautrbach [this message]
2015-06-12 12:59 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=557AD7D9.8090400@redhat.com \
--to=plautrba@redhat.com \
--cc=sds@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=sven.vermeulen@siphos.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.