Re: Patch to semanage

Daniel J Walsh wrote:
On 08/18/2009 05:41 PM, Chad Sellers wrote:
On 8/18/09 5:35 PM, "Daniel J Walsh"<dwalsh@xxxxxxxxxx>  wrote:

On 08/17/2009 05:45 PM, Chad Sellers wrote:
On 7/17/09 6:10 AM, "Daniel J Walsh"<dwalsh@xxxxxxxxxx>  wrote:

Ok, let's try the patch again.

Added equal patch (spelled correctly.)
Beginning to add modules support to consolidate on one management command.
Eventually replace semodule/setsebool with semanage command.
Some white space fixing in seobject.py
As I said previously, I've split this patch into the 3 separate patches
(whitespace, equal, modules) for review purposes, as it was too difficult to
get through with the 3 different patches interspersed. Please try to split
up functional patches in the future.

This message will apply to the modules patch only.

diff --git a/policycoreutils/semanage/semanage
b/policycoreutils/semanage/semanage
index 1688d85..072453d 100644
--- a/policycoreutils/semanage/semanage
+++ b/policycoreutils/semanage/semanage
@@ -44,7 +44,7 @@ if __name__ == '__main__':
                 text = _("""
  semanage [ -S store ] -i [ input_file | - ]

-semanage {boolean|login|user|port|interface|node|fcontext|translation}
-{l|D}
[-n]
+semanage
{module,boolean|login|user|port|interface|node|fcontext|translation}
-{l|D} [-n]
  semanage login -{a|d|m} [-sr] login_name | %groupname
  semanage user -{a|d|m} [-LrRP] selinux_name
  semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
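
Review bot: In the added synopsis line, "{module,boolean|login|...}" separates "module" from "boolean" with a comma, while every other alternative in the group is separated by "|". Suggest "{module|boolean|login|...}" so the usage text reads as one consistent list of object types.
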
@@ -53,7 +53,8 @@ semanage node -{a|d|m} [-tr] [ -p protocol ] [-M netmask]
addr
  semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec
  semanage translation -{a|d|m} [-T] level
  semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean | boolean_file
-semanage permissive -{d|a} type
+semanage permissive -{a|d} type
+semanage module -{a|d|} module

  Primary Options:

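Review bot: The added line "semanage module -{a|d|} module" has a trailing "|" inside the braces, which leaves an empty alternative. If a third action was intended, name it; otherwise drop the stray "|" so it reads "-{a|d}", matching the permissive line directly above it.
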
@@ -68,6 +69,7 @@ Primary Options:
      -h, --help       Display this message
      -n, --noheading  Do not print heading when listing OBJECTS
          -S, --store      Select and alternate SELinux store to manage
+        --dontaudit      Turn on or off dontaudit rules
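
Review bot: "--dontaudit" is added to the Primary Options list, but none of the synopsis lines touched earlier in this patch shows it, and the help text has no argument placeholder. Suggest adding it to the usage line of the command that accepts it and showing the expected value next to the option name, so a reader of the help output can tell where and how it is used.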

Need to specify that this takes an integer argument (1 or 0) here. Also,
need to specify which command this is valid for, which appears to be the
module command. Why is this an option for the module command? It doesn't
seem to have anything to do with a particular module. Should this just be
its own command?

I think it should be just for the modules command.
Care to explain why? As your usage above shows, the module command is for
adding or deleting modules. This functionality has nothing to do with that.
--dontaudit is for specifying globally that dontaudit's should be turned
on/off. It's not an option that modifies the behavior of adding or deleting
a module, it's a completely separate thing.

No I don't care to explain why, now that you shot down my idea. :^)

I guess it should be a separate command

What do you think of.

semanage dontaudit -a
semanage dontaudit -d


I like it being a separate command since it really is a global thing but the syntax above seems very confusing. Can we depart from the add/remove paradigm for this one and use something more appropriate, like on/off, enable/disable, audit/dontaudit, or something similar?


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
