Cleaning up semanage

David Quigley selinux at davequigley.com
Fri Dec 14 16:48:34 UTC 2012


On 12/14/2012 07:10, Daniel J Walsh wrote:
>
> On 12/13/2012 06:30 PM, David Quigley wrote:
>> On 12/13/2012 14:13, David Quigley wrote:
>>> On 12/13/2012 10:41, Konstantin Ryabitsev wrote:
>>>> On Wed, Dec 12, 2012 at 10:03 PM, Dave Quigley
>>>> <selinux at davequigley.com> wrote:
>>>>> I'm actually going to try to pull together just the parsers without
>>>>> any backend functionality to see how feasible this is and how it
>>>>> looks. If we like how it looks and it's possible we can move forward
>>>>> with it. I think that since --ftype is a longarg that argparse might
>>>>> be able to handle it. If not then some manipulation of things might
>>>>> be in order (like making an = between --ftype and the -d).
>>>>
>>>> Note that --ftype can be also written as -f. So, really, if you want to
>>>> be fully backwards-compatible, you'll need to correctly parse the
>>>> following:
>>>>
>>>> semanage fcontext -d -f -d /some/dir
>>>>
>>>> -- Konstantin Ryabitsev LinuxFoundation.org Montréal, Québec
>>>
>>>
>>> Which brings up a good question. Is there a test suite we can use to
>>> ensure that the new interface matches the old interface? A regression
>>> suite for semanage would be very useful in this case. We could start with
>>> everything failing and rebuild the interface one at a time until
>>> everything passes again.
>>
>>
>> I haven't typed in all of the help info yet but the link is to a pastebin
>> with the usage information for the semanage login subcommand. I just need
>> to get it to react that way when there are 0 arguments passed in as well.
>> Right now it will print this when you type semanage login -h or --help. I
>> want it to print this on semanage login with no arguments as well.
>>
>> http://pastebin.com/KTtNk0rC
>
> I love it. This has been on my long list of cleanups for a while, but we
> never seem to get to it. I looked at this a while ago, and at the time the
> hardest problem I saw was the fact that semanage without arguments was
> difficult to do.
>
>        Output local customizations
>        semanage [ -S store ] -o [ output_file | - ]
>
>        Input local customizations
>        semanage [ -S store ] -i [ input_file | - ]
>
> argparser does not allow "optional arguments" like this.

I agree that I'm not sure how possible it is to do that. It might be a 
good idea to change from semanage -i inputfile or semanage -o outputfile 
into semanage backup and semanage restore. Semantically those words make 
sense as a subcommand and make it clear as to what it is actually 
doing. It's also easy to implement them.

>
> A cleanup of the man page would also be great. The new sepolicy tool
> suite is using argparse and separate man pages for each subcommand, and I
> really like it.

Yeah, I agree that a manpage for semanage-port, semanage-fcontext, etc. is 
the way to go.

>
> I think bash-completion eliminates the need for semanage-fcontext, since
> you can do:
>
> semanage <tab><tab>
> boolean     fcontext    login       node        port
> dontaudit   interface   module      permissive  user
>

I agree. It wasn't clear to me if doing this had any real benefit. If 
we didn't have bash completion it might have but now that we do I don't 
see a need for it.

Dave
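
The parsing problems raised in this thread can be sketched with argparse as follows. This is an added example, not code from the original message or from semanage itself; the `normalise_ftype` and `parse` helpers, the `LEGACY_FTYPES` set, and the positional names on `backup`/`restore` are assumptions made for illustration.

```python
import argparse

# Assumed set of legacy --ftype values (mode characters as shown by ls);
# only "-d" appears in the thread itself.
LEGACY_FTYPES = {"-d", "-c", "-b", "-s", "-l", "-p"}

def normalise_ftype(argv):
    """Rewrite '-f -d' / '--ftype -d' as '--ftype=-d' so argparse accepts it."""
    out, i = [], 0
    while i < len(argv):
        takes_value = argv[i] in ("-f", "--ftype") and i + 1 < len(argv)
        if takes_value and argv[i + 1] in LEGACY_FTYPES:
            out.append("--ftype=" + argv[i + 1])
            i += 2
        else:
            out.append(argv[i])
            i += 1
    return out

def build_parser():
    parser = argparse.ArgumentParser(prog="semanage")
    parser.add_argument("-S", "--store")
    sub = parser.add_subparsers(dest="command")
    fc = sub.add_parser("fcontext")
    fc.add_argument("-d", "--delete", action="store_true")
    fc.add_argument("-f", "--ftype", default="")
    fc.add_argument("target")
    # Proposed replacements for 'semanage -o FILE' and 'semanage -i FILE'.
    sub.add_parser("backup").add_argument("output_file")
    sub.add_parser("restore").add_argument("input_file")
    return parser, sub.choices  # choices maps subcommand name -> subparser

def parse(argv):
    """Return a Namespace, or usage text when no arguments were given."""
    parser, subparsers = build_parser()
    if not argv:
        return parser.format_help()
    if len(argv) == 1 and argv[0] in subparsers:
        # 'semanage fcontext' alone behaves like 'semanage fcontext --help'.
        return subparsers[argv[0]].format_help()
    return parser.parse_args(normalise_ftype(argv))

if __name__ == "__main__":
    print(parse(["fcontext", "-d", "-f", "-d", "/some/dir"]))
```

Without the normalisation step, argparse treats the second `-d` as an option and rejects `-f` with "expected one argument", which is the backwards-compatibility break a regression suite for the old interface would need to catch.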

