On 12/14/2012 05:48 PM, David Quigley wrote:
On 12/14/2012 07:10, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/13/2012 06:30 PM, David Quigley wrote:
On 12/13/2012 14:13, David Quigley wrote:
On 12/13/2012 10:41, Konstantin Ryabitsev wrote:
On Wed, Dec 12, 2012 at 10:03 PM, Dave Quigley
<selinux@xxxxxxxxxxxxxxx> wrote:
I'm actually going to try to pull together just the parsers without
any backend functionality to see how feasible this is and how it
looks. If we like how it looks and its possible we can move forward
with it. I think that since --ftype is a longarg that argparse might
be able to handle it. If not then some manipulation of things might
be in order (like making an = between --ftype and the -d).
Note that --ftype can be also written as -f. So, really, if you
want to
be fully backwards-compatible, you'll need to correctly parse the
following:
semanage fcontext -d -f -d /some/dir
-- Konstantin Ryabitsev LinuxFoundation.org Montréal, Québec
Which brings up a good question. Is there a test suite we can use to
ensure that the new interface matches the old interface? A regression
suite for semanage would be very useful in this case. We could
start with
everything failing and rebuild the interface one at a time untill
everything passes again. -- selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
I Haven't typed in all of the help info yet but the link is to a
pastbin
with the usage information for the semanage login subcommand. I just
need
to get it to react that way when there are 0 arguments passed in as
well.
Right now it will print this when you type semanage login -h or
--help. I
want it to print this on semanage login with no arguments as well.
http://pastebin.com/KTtNk0rC -- selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
I love it. This has been on my long list of cleanups for a while,
but we
never seem to get to it. I looked at this a while ago, and at the
time the
hardest problem I saw was the fact that semanage without arguments was
difficult to do.
Output local customizations
semanage [ -S store ] -o [ output_file | - ]
Input local customizations
semanage [ -S store ] -i [ input_file | - ]
argparser does not allow "optional arguments" like this.
I agree that I'm not sure how possible it is to do that. It might be a
good idea to change from semanage -i inputfile or semanage -o
outputfile into semanage backup and semanage restore. Semantically
those words make sense as a subcommand and makes it clear as to what
it is actually doing. Its also easy to implement them.
A cleanup of the man page would also be great. The new sepolicy tool
suite is
using argparse and separate man pages for each subcommand, and I
really like it.
Yea I agree that a manpage for semanage-port semanage-fcontext etc is
the way to go.
I think bash-completion eliminates the need for semanage-fcontext
Since you
can do.
semanage <tab><tab>
boolean fcontext login node port
dontaudit interface module permissive user
I agree. It wasn't clear to me if doing this had any real benefit. If
we didn't have bash completion it might have but now that we do I
don't see a need for it.
Dave
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
I agree with all. Basically it can be done with some news in semanage
commands. Basically I wanted to keep the same format when I was doing
some work on this. A lot of "semanage" commands are used in install,
rpm, setup scripts.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux