Ticket #37 (new defect)

Opened 3 years ago

Last modified 3 years ago

Lua scriptlet SELinux awareness

Reported by: pmatilai Assigned to: pmatilai
Priority: major Milestone:
Component: rpm Version: RPM Development
Keywords: Lua Cc:

Description

Normal scriptlets on SELinux enabled system get executed through rpm_execcon() libselinux call, but Lua scriptlets execute in rpm itself, which might not have the same permissions as scriptlets.

For example RhBug:483089 - groupadd is permitted for rpm_script_t but not for rpm_exec_t. One possibility could be SELinux-aware version of os.execute() such as rpm.execute() in the local Lua extensions which uses exec() or rpm_execcon() as appropriate.

Change History

02/23/09 14:46:03 changed by pmatilai

  • keywords set to Lua.