If - is given as filename for -o option, checkpolicy
writes the policy to standard output. This helps users
to read policy.conf and/or CIL policy file with pager
like less command:
$ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less
The users don't have to make a temporary file.
/dev/stdout can be used instead. However, - reduces the number of
typing for the purpose. Using - for standard output (and/or standard
input) is popular convention.
Signed-off-by: Masatake YAMATO <yamato@xxxxxxxxxx>
---
checkpolicy/checkpolicy.8 | 5 +++--
checkpolicy/checkpolicy.c | 24 +++++++++++++++++++-----
2 files changed, 22 insertions(+), 7 deletions(-)
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index db57751c..bdfd6acd 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -3,7 +3,7 @@
checkpolicy \- SELinux policy compiler
.SH SYNOPSIS
.B checkpolicy
-.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
+.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
.br
.SH "DESCRIPTION"
This manual page describes the
@@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest.
.TP
.B \-o,\-\-output filename
Write a policy file (binary, policy.conf, or CIL policy)
-to the specified filename.
+to the specified filename. If - is given as filename,
+write it to standard output.
.TP
.B \-S,\-\-sort
Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index e18de171..81bd2a9d 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
{
printf
("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
- "[-c policyvers (%d-%d)] [-o output_file] [-S] "
+ "[-c policyvers (%d-%d)] [-o output_file|-] [-S] "
"[-t target_platform (selinux,xen)] [-V] [input_file]\n",
progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
exit(1);
@@ -390,7 +390,8 @@ int main(int argc, char **argv)
struct sepol_av_decision avd;
class_datum_t *cladatum;
const char *file = txtfile;
- char ans[80 + 1], *outfile = NULL, *path, *fstype;
+ char ans[80 + 1], *path, *fstype;
+ const char *outfile = NULL;
size_t scontext_len, pathlen;
unsigned int i;
unsigned int protocol, port;
@@ -638,9 +639,20 @@ int main(int argc, char **argv)
}
if (outfile) {
- outfp = fopen(outfile, "w");
+ int use_stdout = !strcmp(outfile, "-");
+ if (use_stdout) {
+ outfp = stdout;
+ outfile = "<STDOUT>";
+ } else {
+ outfp = fopen(outfile, "w");
+ }
+
if (!outfp) {
- perror(outfile);
+ if (use_stdout)
+ fprintf(stderr, "%s: error to use %s\n",
+ argv[0], outfile);
+ else
+ perror(outfile);
exit(1);
}
@@ -682,7 +694,9 @@ int main(int argc, char **argv)
}
}
- fclose(outfp);
+ if (outfp != stdout) {
+ fclose(outfp);
+ }
} else if (cil) {
fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]);
exit(1);
--
2.21.0
