Would it be possible to add a description flag for getsebool so that it will produce a description of a bool out to the user when they pass -d? One of the problems of getsebool is that it only shows you what bools are there but not what they are supposed to do. I expect this should make it much more straightforward for sysadmins to implement selinux on their systems. Im aware that man pages do produce useful descriptions of bools however I would think it would be much more convenient to do it this way. Also some tunables for whatever reason might not be documented in man pages or custom policy may not have man pages for it but it could add the bool description in XML somewhere else. Additionally getsebool -a -d should produce a description for all bools so a sysadmin can grep for keywords. How feasible would this be to do? -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
