This replaces the old matchpathcon interfaces with the new selabel
interfaces for relabeling files, storing an selabel handle in the
transaction set.
With this change also comes an added distinction between --nocontexts
being specified and a failure to read the load file contexts.
Previously, there was no distinction, and both cases used the
RPMTRANS_FLAG_NOCONTEXTS flag.
However, with the new policy plugin, it is necessary to make such a
distinction. This is because matchpathcon_init (now selabel interfaces)
can fail at the beginning of the transaction, but succeed later after
new policy is installed. Because of this, we may need to enable/disable
RPMTRANS_FLAG_NOCONTEXTS multiple times. However, because this flag
could also mean --nocontexts, we cannot do that. By storing the selabel
handle in the rpmts, we can easily keep track if the handle has been
successfully created, rather than overloading RPMTRANS_FLAG_NOCONTEXTS
with two meanings.
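The distinction this message describes, as an added C example that is not rpm's code: `struct ts`, `FLAG_NOCONTEXTS`, `ts_open_labels` and `ts_can_relabel` are hypothetical names, and a counter simulates policy installation instead of calling libselinux. The user's opt-out stays in the flag, while load success or failure is tracked only by whether the handle is non-NULL, so it can change mid-transaction.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins, not rpm's real types or flag values. */
#define FLAG_NOCONTEXTS 0x1u            /* set only by the user's --nocontexts */
struct label_handle { int policy_version; };
struct ts {
    unsigned flags;                     /* user intent, never rewritten below */
    struct label_handle *sehandle;      /* NULL until file contexts load */
    struct label_handle storage;
};

/* Simulated environment: no file contexts exist until policy is installed. */
static int installed_policy = 0;

/* (Re)try opening the label handle; returns 0 on success, -1 on failure. */
static int ts_open_labels(struct ts *ts)
{
    ts->sehandle = NULL;                /* drop any stale handle first */
    if (ts->flags & FLAG_NOCONTEXTS)
        return 0;                       /* user opted out: nothing to open */
    if (installed_policy == 0)
        return -1;                      /* load failure, may succeed later */
    ts->storage.policy_version = installed_policy;
    ts->sehandle = &ts->storage;
    return 0;
}

/* Relabel only when the user allows it AND a handle is currently open. */
static bool ts_can_relabel(const struct ts *ts)
{
    return !(ts->flags & FLAG_NOCONTEXTS) && ts->sehandle != NULL;
}

/* Bit 1: relabel before policy; bit 2: after policy; bit 4: flag untouched. */
static int demo(unsigned user_flags)
{
    struct ts ts = { .flags = user_flags };
    int result = 0;
    installed_policy = 0;               /* start of transaction */
    (void)ts_open_labels(&ts); if (ts_can_relabel(&ts)) result |= 1;
    installed_policy = 1;               /* policy package now installed */
    (void)ts_open_labels(&ts); if (ts_can_relabel(&ts)) result |= 2;
    if (ts.flags == user_flags) result |= 4;
    return result;
}

int main(void) { printf("%d %d\n", demo(0), demo(FLAG_NOCONTEXTS)); return 0; }
```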
This patch adds a simple plugin system that makes simple problems easy to
solve, and difficult problems, such as SELinux, possible.
When the transaction gets to the point where a collection action should occur,
it expands a macro of the form %__collection_<collection name> to get the path
to a plugin and any additional options. The plugin is dlopen'ed, and the
appropriate function is called in the plugin, with the additional arguments
passed in.
This also adds a --nocollections option to disable performing Collection
actions.
- all uses of dgettext() and friends are already protected by
appropriate ifdef's, no need to provide dummy defines here
- setlocale() and <locale.h> are required by C89, C99 and POSIX .. assume
it's there and if not, one can disable the whole thing with --disable-nls
- just two places where needed, don't pollute system.h needlessly
- include depending on HAVE_MMAP instead of separately checking for
sys/mman.h, if sys/mman.h doesn't exist or is broken HAVE_MMAP won't be set
- the AC_HEADER_TIME check is unnecessary for any remotely recent systems,
and the HAVE_SYS_TIME_H conditional in system.h is just broken as we
don't even check for <sys/time.h> header in configure
- don't include from system.h, the time.h and sys/time.h get already
included through our public headers where necessary
- move the includes out of system.h, not commonly needed
- <poll.h> is conditional as we actually provide a fallback through select(),
but for <sys/select.h> missing there's no fallback so doesn't make
much sense to test for (and both poll.h and sys/select.h are posix anyway...)
- practically all the data in rpmfi needs to be treated as const, these
are just a funky special case which point to header memory for the
couple of cases where KEEPHEADER is still used
- Consistent across platforms and will allow some things macros don't and
memory checkers these days are smart enough to get decent output anyway
- Minimal namespacing with r-prefix, add compatibility macros to system.h
for now so we don't have to change the entire codebase for this
- Also make rpmutil.h where the declarations and gcc __attribute__ macros
are available everywhere
- POSIX doesn't require PATH_MAX to be defined as constant, and Hurd
doesn't define it...
- deal with it just once in system.h for now, the proper fix is to get
rid of needing it at all (ie add a mallocing realpath() clone to librpmio)
- patch from Adam Tkac
- new rpmfiFCaps() API to retrieve the info from rpmfi set
- fsm internals quite similar to selinux handling
- plenty of #ifdef's, another possibility would be adding cap_foo dummies to
system.h like for selinux
- if built with --with-acl, check that files and directories don't have
any extra acl's set
- for now, any acl beyond the regular unix permission set is reported as
file mode difference as the acl's cannot have been set by rpm itself
- patch from Andreas Gruenbacher, modified to use libacl instead of raw
xattrs for portability, BUT atm this uses non-portable acl_equiv_mode()
Linux libacl extension, the posix draft doesn't seem to have much in
the way of comparing entries :-/
- add minimal bits and pieces to check for capabilities in files on verify
- for now, any capability set is a verification failure as the capability
cannot have been set by rpm itself
- patch from Andreas Gruenbacher, modified to use libcap instead of raw
xattrs for portability
- _free() is just a wrapper to free() which additionally returns NULL
- add _constfree() for use in the cases where const is used to protect
malloced "read-only" data in long-lived otherwise exposed structures etc