Stephen Smalley wrote:
On Wed, 2006-03-29 at 09:47 -0500, Ivan Gyurdiev wrote:
One last thing: is it possible to add multiple objects in a single
semanage call?
I don't think the python frontend supports it, but the backend library
certainly does - it's transactional, and only the commit takes a long
time. It seems like this would be useful to people - Dan?
Not sure what the user interface would look like. semodule already
supports multiple operations on a single command line, e.g.
semodule -b base.pp -i a.pp -i b.pp
but semanage syntax is a bit more complicated.
Are we talking about just adding multiple objects of the same type in a
single command, e.g. collapsing
semanage port -a -t http_port_t -p tcp 81
semanage port -a -t http_cache_port_t -p tcp 8081
to something like:
semanage port -a -t http_port_t -p tcp 81 -a -t http_cache_port_t -p tcp 8080
Or dealing with arbitrary combinations, e.g. collapsing
semanage port -a -t http_port_t -p tcp 81
semanage fcontext -a -t httpd_sys_content_t '/web(/.*)?'
to some single command line?
That would result in a very complex command-line parser and be difficult
for users as well as developers. It could get even worse, such as
wanting to combine add and modify operations.
An alternative approach might be to provide an option to skip the policy
rebuild. That way you could do a string of semanage commands and use the
"skip rebuild" option on all but the last of them.
Paul.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
