On 04/30/2013 03:42 PM, Miroslav Grepl wrote:
On 04/22/2013 03:11 PM, Daniel J Walsh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/22/2013 04:17 AM, Miroslav Grepl wrote:
On 04/21/2013 02:02 AM, Dave Quigley wrote:
Hello, I added more help text to the semanage-argparse rewrite and
also
implemented support for login. I would like anyone and everyone to
look
at the code and give me feedback. I am in no way shape or form a
python
guru so I'm glad to have any and all constructive feedback. Please
let me
know what you think.
https://github.com/dpquigl/semanage-argparse/
Dave -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
Will check later today.
Mirek -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
createCommandParser()
Should not do the egroup adding the --add or -d...
No reason to pass in the localParser or the everyoneParser. Any option
that is
not common to everyone should just be added to each individual parser.
DELETE
#Create the parent parser which is use to handle valid_everyone
arguments
everyoneParser = argparse.ArgumentParser(add_help=False)
egroup = everyoneParser.add_mutually_exclusive_group(required=True)
egroup.add_argument('-a', '--add', dest='action',
action='store_const',
const='add', help='Add a record of the specified object type')
egroup.add_argument('-d', '--delete', dest='action',
action='store_const',
const='delete', help='Delete a record of the specified object type')
egroup.add_argument('-m', '--modify', dest='action',
action='store_const',
const='modify', help='Modify a record of the specified object type')
egroup.add_argument('-l', '--list', dest='action',
action='store_const',
const='list', help='List records of the specified object type')
#This is not inuitive but its how the underlying seobject code
works.
Just added these to the commandParser
everyoneParser.add_argument('-n', '--noheading',
action='store_false',
default=True, help='Do not print heading when listing the specified
object type')
everyoneParser.add_argument('-S', '--store', nargs=1,
help='Select an
alternate SELinux Policy Store to manage')
Or maybe just the -S and -h.
The idea would be
semanage -S targeted fcontext -a ...
Should be legal.
If -n is not supported for everyone just add it individually.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlF1Nv0ACgkQrlYvE4MpobPjqQCfbZh0+GLD0JV+dV522TWDSUHf
FZkAoKMnnGEV/tlhO3DcqMmeVRL0LA3F
=iYkf
-----END PGP SIGNATURE-----
Dan,
also, how about using the approach we already have for "sepolicy generate
-h"? Basically, we can build our own usage string this way. It may be more
work, but we could get the following result:
[mgrepl@avalanche19 semanage-argparse]$ ./semanage-argparse login -h
usage: semanage login [-h] [-r RANGE] [-s SEUSER] ] [ --add LOGIN |
--delete LOGIN | --modify LOGIN |--list ]
positional arguments:
LOGIN login_name | %groupname
optional arguments:
-h, --help show this help message and exit
-a, --add Add a record of the specified object type
-d, --delete Delete a record of the specified object type
-m, --modify Modify a record of the specified object type
-l, --list List records of the specified object type
-s SEUSER, --seuser SEUSER
SELinux user name
-r RANGE, --range RANGE
MLS/MCS Security Range (MLS/MCS Systems only)
SELinux
Range for SELinux login mapping defaults to the
SELinux user record range. SELinux Range for
SELinux
user defaults to s0.
where "a","m","d","l" options are mutually exclusive.
What do you think guys?
Actually,
./semanage-argparse login -h
usage: semanage login [-h] [ --add -s SEUSER -r RANGE LOGIN | --delete
LOGIN | --modify -s SEUSER LOGIN | --list ]
positional arguments:
login login_name | %groupname
..
...
....
is better.
David,
I attached a patch showing how the usage is generated and how I would like to
handle options. It is just a draft, so I apologize for typos and so on. I am not
sure it works for all cases, so it needs to be tested for all actions/options.
diff --git a/semanage-argparse/semanage-argparse b/semanage-argparse/semanage-argparse
index 9ac374b..b4eabef 100755
--- a/semanage-argparse/semanage-argparse
+++ b/semanage-argparse/semanage-argparse
@@ -11,33 +11,72 @@ class seParser(argparse.ArgumentParser):
self.print_usage()
self.exit(2, ('%s: error: %s\n') % (self.prog, message))
+def handleEveryoneOptions(args):
+ print args
+
def handleLogin(args):
- if args.action != "list" and args.action != "delete" and args.seuser is None:
- print "seuser is required when adding or modifying an entry."
- sys.exit(2)
-
- OBJECT = seobject.loginRecords(args.store)
- if args.action == "add":
- OBJECT.add(args.login, args.seuser[0], args.range)
- elif args.action == "modify":
- OBJECT.modify(args.login, args.seuser[0], args.range)
- elif args.action == "delete":
- OBJECT.delete(args.login)
- elif args.action == "list":
- OBJECT.list(args.noheading, args.locallist)
+ # {action:[conflict_opts,require_opts]}
+ login_args = {'list':[('login','range','seuser'),('')],'add':[(''),('seuser')],'modify':(''), 'delete':('')}
+ if args.action is None:
+ print "Action is needed"
+ sys.exit(1)
else:
- print "Invalid Action not sure how we got here"
+ for k in args.__dict__.keys():
+ if k in login_args[args.action][0] and args.__dict__[k]:
+ print("%s option can not be used with %s" % (args.action,k))
+ sys.exit(1)
+ if k in login_args[args.action][1] and not args.__dict__[k]:
+ print("%s option is needed for %s" % (k,args.action))
+ sys.exit(1)
+
+ #if args.action != "list" and args.action != "delete" and args.seuser is None:
+ # print "seuser is required when adding or modifying an entry."
+ # sys.exit(2)
+ #OBJECT = seobject.loginRecords(args.store)
+ #if args.action == "add":
+ # OBJECT.add(args.login, args.seuser[0], args.range)
+ #elif args.action == "modify":
+ # OBJECT.modify(args.login, args.seuser[0], args.range)
+ #elif args.action == "delete":
+ # OBJECT.delete(args.login)
+ #elif args.action == "list":
+ # OBJECT.list(args.noheading, args.locallist)
+ #else:
+ # print "Invalid Action not sure how we got here"
+usage_login = "semanage login [-h] ["
+usage_login_dict = {' --add':('-s SEUSER','-r RANGE','LOGIN',),' --modify':('-s SEUSER','LOGIN',),' --delete':('LOGIN',), '--list':('',)}
+
+def generate_custom_usage(usage_text,usage_dict):
+ sorted_keys = []
+ for i in usage_dict.keys():
+ sorted_keys.append(i)
+ sorted_keys.sort()
+ for k in sorted_keys:
+ usage_text += "%s %s |" % (k,(" ".join(usage_dict[k])))
+ usage_text = usage_text[:-1] + "]"
+ usage_text = _(usage_text)
+
+ return usage_text
-def setupLoginParser(subparsers, parents):
- loginParser = subparsers.add_parser('login', help='Manage login mappings between linux users and SELinux confined users', parents=parents)
+def setupLoginParser(subparsers):
+#def setupLoginParser(subparsers, parents):
+ generate_usage = generate_custom_usage(usage_login, usage_login_dict)
+ loginParser = subparsers.add_parser('login', usage=generate_usage, help='Manage login mappings between linux users and SELinux confined users')
+ login_type = loginParser.add_mutually_exclusive_group(required=False)
+ login_type.add_argument('-a', '--add', dest='action', action='store_const', const='add', help='Add a record of the specified object type')
+ login_type.add_argument('-d', '--delete', dest='action', action='store_const', const='delete', help='Delete a record of the specified object type')
+ login_type.add_argument('-m', '--modify', dest='action', action='store_const', const='modify', help='Modify a record of the specified object type')
+ #list_type = loginParser.add_mutually_exclusive_group(required=False)
+ login_type.add_argument('-l', '--list', dest='action', action='store_const', const='list', help='List records of the specified object type')
loginParser.add_argument('-s', '--seuser', nargs=1, help='SELinux user name')
loginParser.add_argument('-r', '--range', nargs=1, default="", help='''MLS/MCS Security Range (MLS/MCS Systems only)
SELinux Range for SELinux login mapping
defaults to the SELinux user record range.
SELinux Range for SELinux user defaults to s0.''')
- loginParser.add_argument('login', nargs='?', default='None', help='login_name | %%groupname')
+ loginParser.add_argument('login', nargs='?', default=None, help='login_name | %%groupname')
+
loginParser.set_defaults(func=handleLogin)
def handleUser(args):
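Review bot: In `handleLogin`, the `login_args` table does not have the shape the validation loop expects. `('')` and `('seuser')` are plain strings rather than tuples, so `k in login_args[args.action][1]` is a substring test, and the `'modify'` and `'delete'` entries are the empty string, so `login_args[args.action][0]` raises IndexError for `-m` and `-d`. The table also loses the removed rule that modify requires `-s`, and nothing requires LOGIN for add, modify or delete, although `usage_login_dict` advertises both. Give every action a two-element entry of real tuples, e.g. `'modify': ((), ('seuser', 'login'))` and `'delete': ((), ('login',))`, so that malformed invocations are rejected before the commented-out seobject calls are restored.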
@@ -207,7 +246,8 @@ def createCommandParser():
#To add a new subcommand define the parser for it in a function above and call it here.
subparsers = commandParser.add_subparsers(dest='subcommand')
- setupLoginParser(subparsers, [everyoneParser,localParser])
+ #setupLoginParser(subparsers, [everyoneParser,localParser])
+ setupLoginParser(subparsers)
setupUserParser(subparsers, [everyoneParser,localParser])
setupPortParser(subparsers, [everyoneParser,localParser])
setupInterfaceParser(subparsers, [everyoneParser,localParser])
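Review bot: Calling `setupLoginParser(subparsers)` without the parents list means the login subparser no longer defines `store`, `noheading` or `locallist`, which the commented-out body of `handleLogin` reads as `args.store`, `args.noheading` and `args.locallist`. Unless `-S` and `-n` are added to `commandParser` somewhere outside this hunk, as suggested earlier in the thread, re-enabling those calls would fail with AttributeError for login only, while the other subcommands still inherit the options. The superseded call is better deleted than left as `#setupLoginParser(subparsers, [everyoneParser,localParser])`. `createCommandParser` starts and ends outside this hunk.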
@@ -223,12 +263,12 @@ def createCommandParser():
if __name__ == '__main__':
commandParser = createCommandParser()
- if len(sys.argv) < 2:
- commandParser.print_help()
- exit(1)
+ #if len(sys.argv) < 2:
+ # commandParser.print_help()
+ # exit(1)
args = commandParser.parse_args()
args.func(args)
-
\ No newline at end of file
+
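Review bot: The bare-invocation guard is commented out rather than removed, and nothing replaces it before `args.func(args)`. The script is Python 2 (it uses `print` statements), where argparse itself rejects a missing subcommand, but on Python 3 subparsers are optional by default and `args.func` would be absent, producing a traceback instead of usage text. Either delete the dead lines or keep an explicit check such as `if not hasattr(args, 'func'): commandParser.print_help(); sys.exit(1)`.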