
Localize our chroot in/out operations to minimize time spent inside #836

Merged
merged 2 commits into from
Sep 25, 2019

Commits on Sep 20, 2019

  1. Refactor goal execution out of rpmpsmRun()

    rpmpsmRun() has gathered so much extra logic around the beef that this
    seems reasonable. In particular this makes the next commit much nicer.
    pmatilai committed Sep 20, 2019
    ccbb34b
  2. Localize our chroot in/out operations during transactions

    The primary motivation here is to consolidate all database writes
    (open, write, close) on one side of the chroot, currently it happens on
    both sides of the border causing all sorts of issues and limitations (such
    as preventing more advanced modes of BDB, not to mention other databases).
    As a positive side-effect, the sections where we potentially run
    inside chroot are more easily identifiable.
    
    Consolidating on the outside may seem counter-productive; to improve
    security it seems you'd want to spend as much time *in* as possible,
    including database accesses. Unfortunately, due to rpm's access patterns
    and API promises, that's not really achievable (tried several approaches,
    ran into as many dead-ends).
    
    Technically we could localize the chroot placement much further, but
    doing so would change the side for transaction callbacks, which could
    cause nasty breakage for our API users as various clients use those
    callback slots to update their own databases and logs. So the chroot
    spots here are selected to cover minimum possible code while preserving
    the chroot side of callbacks and plugin slots: RPMCALLBACK_INST_OPEN/CLOSE,
    ELEM_PROGRESS and VERIFY_* occur outside the chroot, everything else inside.
    Of plugin slots, init/cleanup and tsm_pre/post occur outside, everything
    else inside.
    pmatilai committed Sep 20, 2019
    dd89df2