On 12/14/2012 07:10, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/13/2012 06:30 PM, David Quigley wrote:
On 12/13/2012 14:13, David Quigley wrote:
On 12/13/2012 10:41, Konstantin Ryabitsev wrote:
On Wed, Dec 12, 2012 at 10:03 PM, Dave Quigley
<selinux@xxxxxxxxxxxxxxx> wrote:
I'm actually going to try to pull together just the parsers
without
any backend functionality to see how feasible this is and how it
looks. If we like how it looks and its possible we can move
forward
with it. I think that since --ftype is a longarg that argparse
might
be able to handle it. If not then some manipulation of things
might
be in order (like making an = between --ftype and the -d).
Note that --ftype can be also written as -f. So, really, if you
want to
be fully backwards-compatible, you'll need to correctly parse the
following:
semanage fcontext -d -f -d /some/dir
-- Konstantin Ryabitsev LinuxFoundation.org Montréal, Québec
Which brings up a good question. Is there a test suite we can use
to
ensure that the new interface matches the old interface? A
regression
suite for semanage would be very useful in this case. We could
start with
everything failing and rebuild the interface one at a time untill
everything passes again. -- selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
I Haven't typed in all of the help info yet but the link is to a
pastbin
with the usage information for the semanage login subcommand. I just
need
to get it to react that way when there are 0 arguments passed in as
well.
Right now it will print this when you type semanage login -h or
--help. I
want it to print this on semanage login with no arguments as well.
http://pastebin.com/KTtNk0rC -- selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
I love it. This has been on my long list of cleanups for a while,
but we
never seem to get to it. I looked at this a while ago, and at the
time the
hardest problem I saw was the fact that semanage without arguments
was
difficult to do.
Output local customizations
semanage [ -S store ] -o [ output_file | - ]
Input local customizations
semanage [ -S store ] -i [ input_file | - ]
argparser does not allow "optional arguments" like this.
I agree that I'm not sure how possible it is to do that. It might be a
good idea to change from semanage -i inputfile or semanage -o outputfile
into semanage backup and semanage restore. Semantically those words make
sense as a subcommand and makes it clear as to what it is actually
doing. Its also easy to implement them.
A cleanup of the man page would also be great. The new sepolicy tool
suite is
using argparse and separate man pages for each subcommand, and I
really like it.
Yea I agree that a manpage for semanage-port semanage-fcontext etc is
the way to go.
I think bash-completion eliminates the need for semanage-fcontext
Since you
can do.
semanage <tab><tab>
boolean fcontext login node port
dontaudit interface module permissive user
I agree. It wasn't clear to me if doing this had any real benefit. If
we didn't have bash completion it might have but now that we do I don't
see a need for it.
Dave
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
