On 10/8/19 2:44 AM, Masatake YAMATO wrote:
dispol command requires interaction, and is not suitable for using in a script.
This patch set introduces -b that is for running dispol non-interactively.

An example:

    $ ./dispol -b 1 /sys/fs/selinux/policy
    allow deltacloudd_log_t tmp_t : filesystem { associate };
    allow kern_unconfined sysctl_type : lnk_file { ioctl read ...

What is your intended use case for this support, i.e. how do you envision using dispol in scripts?
If you just want to decompile policy, I'd recommend using checkpolicy -F/--conf or checkpolicy -c/--cil, ala:

    checkpolicy -M -b /sys/fs/selinux/policy -F -o policy.conf

or

    checkpolicy -M -b /sys/fs/selinux/policy -C -o policy.cil

...

Masatake YAMATO (5):
  dispol: extend usage() to take exit status
  dispol: add an option for printing the command usage
  dispol: introduce a local variable representing the input file
  dispol: introduce -b option to run commands in batch
  dispol: add the list of commands for batch mode to help message

 checkpolicy/test/dispol.c | 96 ++++++++++++++++++++++++++++-----------
 1 file changed, 69 insertions(+), 27 deletions(-)