On 8/19/09 3:20 PM, "Daniel J Walsh" <dwalsh@xxxxxxxxxx> wrote:
> On 08/19/2009 09:53 AM, Joshua Brindle wrote:
>> Daniel J Walsh wrote:
>>> On 08/18/2009 05:41 PM, Chad Sellers wrote:
>>>> On 8/18/09 5:35 PM, "Daniel J Walsh"<dwalsh@xxxxxxxxxx> wrote:
>>>>
>>>>> On 08/17/2009 05:45 PM, Chad Sellers wrote:
>>>>>> On 7/17/09 6:10 AM, "Daniel J Walsh"<dwalsh@xxxxxxxxxx> wrote:
>>>>>>
>>>>>>> Ok lets try the patch again.
>>>>>>>
>>>>>>> Added equal patch (spelled correctly.)
>>>>>>> Beginning to add modules support to consolidate on one management
>>>>>>> command.
>>>>>>> Eventually replace semodule/setsebool with semanage command.
>>>>>>> Some white space fixing in seobject.py
>>>>>> As I said previously, I've split this patch into the 3 separate
>>>>>> patches
>>>>>> (whitespace, equal, modules) for review purposes, as it was too
>>>>>> difficult to
>>>>>> get through with the 3 different patches interspersed. Please try
>>>>>> to split
>>>>>> up functional patches in the future.
>>>>>>
>>>>>> This message will apply to the modules patch only.
>>>>>>
>>>>>>> diff --git a/policycoreutils/semanage/semanage
>>>>>>> b/policycoreutils/semanage/semanage
>>>>>>> index 1688d85..072453d 100644
>>>>>>> --- a/policycoreutils/semanage/semanage
>>>>>>> +++ b/policycoreutils/semanage/semanage
>>>>>>> @@ -44,7 +44,7 @@ if __name__ == '__main__':
>>>>>>> text = _("""
>>>>>>> semanage [ -S store ] -i [ input_file | - ]
>>>>>>>
>>>>>>> -semanage
>>>>>>> {boolean|login|user|port|interface|node|fcontext|translation}
>>>>>>> -{l|D}
>>>>>>> [-n]
>>>>>>> +semanage
>>>>>>> {module,boolean|login|user|port|interface|node|fcontext|translation}
>>>>>>> -{l|D} [-n]
>>>>>>> semanage login -{a|d|m} [-sr] login_name | %groupname
>>>>>>> semanage user -{a|d|m} [-LrRP] selinux_name
>>>>>>> semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range
>>>>>>> @@ -53,7 +53,8 @@ semanage node -{a|d|m} [-tr] [ -p protocol ] [-M
>>>>>>> netmask]
>>>>>>> addr
>>>>>>> semanage fcontext -{a|d|m} [-frst] [-e path ] file_spec
>>>>>>> semanage translation -{a|d|m} [-T] level
>>>>>>> semanage boolean -{d|m} [--on|--off|-1|-0] -F boolean |
>>>>>>> boolean_file
>>>>>>> -semanage permissive -{d|a} type
>>>>>>> +semanage permissive -{a|d} type
>>>>>>> +semanage module -{a|d|} module
>>>>>>>
>>>>>>> Primary Options:
>>>>>>>
>>>>>>> @@ -68,6 +69,7 @@ Primary Options:
>>>>>>> -h, --help Display this message
>>>>>>> -n, --noheading Do not print heading when listing OBJECTS
>>>>>>> -S, --store Select and alternate SELinux store to
>>>>>>> manage
>>>>>>> + --dontaudit Turn on or off dontaudit rules
>>>>>>>
>>>>>> Need to specify that this takes an integer argument (1 or 0) here.
>>>>>> Also,
>>>>>> need to specify which command this is valid for, which appears to
>>>>>> be the
>>>>>> module command. Why is this an option for the module command? It
>>>>>> doesn't
>>>>>> seem to have anything to do with a particular module. Should this
>>>>>> just be
>>>>>> its own command?
>>>>>>
>>>>> I think it should be just for the modules command.
>>>> Care to explain why? As your usage above shows, the module command is
>>>> for
>>>> adding or deleting modules. This functionality has nothing to do with
>>>> that.
>>>> --dontaudit is for specifying globally that dontaudit's should be turned
>>>> on/off. It's not an option that modifies the behavior of adding or
>>>> deleting
>>>> a module, it's a completely separate thing.
>>>>
>>> No I don't care to explain why, now that you shot down my idea. :^)
>>>
>>> I guess it should be a separate command
>>>
>>> What do you think of.
>>>
>>> semanage dontaudit -a
>>> semanage dontaudit -d
>>>
>>
>> I like it being a separate command since it really is a global thing but
>> the syntax above seems very confusing. Can we depart from the add/remove
>> paradigm for this one and use something more appropriate, like on/off,
>> enable/disable, audit/dontaudit, or something similar?
>>
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx
>> with
>> the words "unsubscribe selinux" without quotes as the message.
>>
>>
>
> semanage dontaudit on
> semanage dontaudit off
Sounds great to me.
Chad
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
