Cleaning up semanage

David Quigley selinux at davequigley.com
Fri Dec 14 16:57:33 UTC 2012 

On 12/14/2012 11:48, David Quigley wrote:
> On 12/14/2012 07:10, Daniel J Walsh wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 12/13/2012 06:30 PM, David Quigley wrote:
>>> On 12/13/2012 14:13, David Quigley wrote:
>>>> On 12/13/2012 10:41, Konstantin Ryabitsev wrote:
>>>>> On Wed, Dec 12, 2012 at 10:03 PM, Dave Quigley
>>>>> <selinux at davequigley.com> wrote:
>>>>>> I'm actually going to try to pull together just the parsers 
>>>>>> without
>>>>>> any backend functionality to see how feasible this is and how it
>>>>>> looks. If we like how it looks and its possible we can move 
>>>>>> forward
>>>>>> with it. I think that since --ftype is a longarg that argparse 
>>>>>> might
>>>>>> be able to handle it. If not then some manipulation of things 
>>>>>> might
>>>>>> be in order (like making an = between --ftype and the -d).
>>>>>
>>>>> Note that --ftype can be also written as -f. So, really, if you 
>>>>> want to
>>>>> be fully backwards-compatible, you'll need to correctly parse the
>>>>> following:
>>>>>
>>>>> semanage fcontext -d -f -d /some/dir
>>>>>
>>>>> -- Konstantin Ryabitsev LinuxFoundation.org Montréal, Québec
>>>>
>>>>
>>>> Which brings up a good question. Is there a test suite we can use 
>>>> to
>>>> ensure that the new interface matches the old interface? A 
>>>> regression
>>>> suite for semanage would be very useful in this case. We could 
>>>> start with
>>>> everything failing and rebuild the interface one at a time untill
>>>> everything passes again. -- selinux mailing list
>>>> selinux at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>>>
>>> I Haven't typed in all of the help info yet but the link is to a 
>>> pastbin
>>> with the usage information for the semanage login subcommand. I 
>>> just need
>>> to get it to react that way when there are 0 arguments passed in as 
>>> well.
>>> Right now it will print this when you type semanage login -h or 
>>> --help. I
>>> want it to print this on semanage login with no arguments as well.
>>>
>>> http://pastebin.com/KTtNk0rC -- selinux mailing list
>>> selinux at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
>> I love it.  This has been on my long list of cleanups for a while, 
>> but we
>> never seem to get to it.  I looked at this a while ago, and at the 
>> time  the
>> hardest problem I saw was the fact that semanage without arguments 
>> was
>> difficult to do.
>>
>>        Output local customizations
>>        semanage [ -S store ] -o [ output_file | - ]
>>
>>        Input local customizations
>>        semanage [ -S store ] -i [ input_file | - ]
>>
>> argparser does not allow "optional arguments"  like this.
>
> I agree that I'm not sure how possible it is to do that. It might be
> a good idea to change from semanage -i inputfile or semanage -o
> outputfile into semanage backup and semanage restore. Semantically
> those words make sense as a subcommand and makes it clear as to what
> it is actually doing. Its also easy to implement them.
>

Actually maybe import and export would be better.

More information about the selinux mailing list