Dan has a patch in Fedora which causes semanage -a to act like semanage
-m if the record already exists instead of raising an error and
aborting. Example of the patch is below:
@@ -493,7 +493,9 @@ class loginRecords(semanageRecords):
if rc < 0:
raise ValueError(_("Could not check if login mapping for %s is defined") % name)
if exists:
- raise ValueError(_("Login mapping for %s is already defined") % name)
+ semanage_seuser_key_free(k)
+ return self.__modify(name, sename, serange)
+
What do others think about this? Should we cause -a to act like -m or
should it abort? Should we force the -a -> -m logic up to the caller?
I guess I'm fine with either. Is semanage -a enough like semodule -i
and -m like -u that this would actually be expected behavior?
-Eric
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
