Cleaning up semanage

[Dave Quigley]

On 12/13/2012 6:19 AM, Miroslav Grepl wrote:
> On 12/13/2012 04:03 AM, Dave Quigley wrote:
>> On 12/12/2012 7:40 PM, Konstantin Ryabitsev wrote:
>>> On Wed, Dec 12, 2012 at 2:57 PM, David Quigley
>>> <selinux at davequigley.com> wrote:
>>>> I've given a few talks on SELinux over the past year and I've spoken
>>>> to a
>>>> bunch of people on google+ about SELinux and one topic keeps coming
>>>> up. Many
>>>> people find semanage to be large and convoluted with the help text
>>>> being way
>>>> to large to sort through. The latter part of the complaint is easy to
>>>> address. The code for argument parsing in semanage (last time I
>>>> checked)
>>>> doesn't use things like argparse. If we switched it over to argparse we
>>>> could get per sub-command help messages that would be more useful to
>>>> people
>>>> when they messed up a sub-command. Would anyone be opposed if I
>>>> spent the
>>>> time to migrate semanage argument parsing and help messages over to
>>>> argparse
>>>> or a similar library?
>>>
>>> I'm not sure that's even possible. For example, my all-time favourite
>>> "quirk" of semanage is:
>>>
>>> semanage fcontext -d --ftype -d /some/dir
>>>
>>> The first -d is the flag, while the second -d is actually a value
>>> passed to --ftype. I'm not sure if argparse will do the right job
>>> parsing this -- my brain certainly doesn't. :)
>>>
>>> Best,
>>> --
>>> Konstantin Ryabitsev
>>> LinuxFoundation.org
>>> Montréal, Québec
>>>
>>
>> I'm actually going to try to pull together just the parsers without
>> any backend functionality to see how feasible this is and how it
>> looks. If we like how it looks and its possible we can move forward
>> with it. I think that since --ftype is a longarg that argparse might
>> be able to handle it. If not then some manipulation of things might be
>> in order (like making an = between --ftype and the -d).
>>
>> Dave
>> --
>> selinux mailing list
>> selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
> Hi,
> basically I have it on my TODO list to re-write "semanage" to use
> argparse. But I did some work on it and it is not so easy. But we can
> work together to make this working.
>
> Regards,
> Miroslav
>
>
>
>

I started just the top level subcommand code last night which is the 
trivial part. Tonight I'll try to implement individual subcommand 
parsers for each of the commands. Hopefully once I start doing those 
I'll be able to get an idea of where the problems are. There is a lot of 
flexibility in what you can do with argparse but sometimes they decided 
just not to extend certain functionality to subparsers. I think it will 
probably require extensive use of groups and mutually_exclusive_groups 
and all of the argument features to get it working but will make the 
code cleaner and easy to extend. If you'd like I can work on the parsers 
and giving you namespace objects and then you can take those and massage 
the arguments into whats needed for you to pass into the seobject classes.

Dave

Dave