Cleaning up semanage

Miroslav Grepl mgrepl at redhat.com
Sun Dec 16 20:21:07 UTC 2012


On 12/14/2012 05:48 PM, David Quigley wrote:
> On 12/14/2012 07:10, Daniel J Walsh wrote:
>> On 12/13/2012 06:30 PM, David Quigley wrote:
>>> On 12/13/2012 14:13, David Quigley wrote:
>>>> On 12/13/2012 10:41, Konstantin Ryabitsev wrote:
>>>>> On Wed, Dec 12, 2012 at 10:03 PM, Dave Quigley
>>>>> <selinux at davequigley.com> wrote:
>>>>>> I'm actually going to try to pull together just the parsers without
>>>>>> any backend functionality to see how feasible this is and how it
>>>>>> looks. If we like how it looks and it's possible we can move forward
>>>>>> with it. I think that since --ftype is a longarg that argparse might
>>>>>> be able to handle it. If not then some manipulation of things might
>>>>>> be in order (like making an = between --ftype and the -d).
>>>>>
>>>>> Note that --ftype can be also written as -f. So, really, if you want to
>>>>> be fully backwards-compatible, you'll need to correctly parse the
>>>>> following:
>>>>>
>>>>> semanage fcontext -d -f -d /some/dir
>>>>>
>>>>> -- Konstantin Ryabitsev LinuxFoundation.org Montréal, Québec
>>>>
>>>>
>>>> Which brings up a good question. Is there a test suite we can use to
>>>> ensure that the new interface matches the old interface? A regression
>>>> suite for semanage would be very useful in this case. We could start with
>>>> everything failing and rebuild the interface one at a time until
>>>> everything passes again.
>>>> -- selinux mailing list
>>>> selinux at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>>>
>>> I haven't typed in all of the help info yet but the link is to a pastebin
>>> with the usage information for the semanage login subcommand. I just need
>>> to get it to react that way when there are 0 arguments passed in as well.
>>> Right now it will print this when you type semanage login -h or --help. I
>>> want it to print this on semanage login with no arguments as well.
>>>
>>> http://pastebin.com/KTtNk0rC
>>
>> I love it.  This has been on my long list of cleanups for a while, but we
>> never seem to get to it.  I looked at this a while ago, and at the time the
>> hardest problem I saw was the fact that semanage without arguments was
>> difficult to do.
>>
>>        Output local customizations
>>        semanage [ -S store ] -o [ output_file | - ]
>>
>>        Input local customizations
>>        semanage [ -S store ] -i [ input_file | - ]
>>
>> argparser does not allow "optional arguments"  like this.
>
> I agree that I'm not sure how possible it is to do that. It might be a
> good idea to change from semanage -i inputfile or semanage -o
> outputfile into semanage backup and semanage restore. Semantically
> those words make sense as a subcommand and make it clear as to what
> it is actually doing. It's also easy to implement them.
>
>>
>> A cleanup of the man page would also be great.  The new sepolicy tool suite is
>> using argparse and separate man pages for each subcommand, and I
>> really like it.
>
> Yea I agree that a manpage for semanage-port semanage-fcontext etc is 
> the way to go.
>
>>
>> I think bash-completion eliminates the need for semanage-fcontext, since you
>> can do:
>>
>> semanage <tab><tab>
>> boolean     fcontext    login       node        port
>> dontaudit   interface   module      permissive  user
>>
>
> I agree. It wasn't clear to me if doing this had any real benefit. If 
> we didn't have bash completion it might have but now that we do I 
> don't see a need for it.
>
> Dave

I agree with all. Basically it can be done with some news in semanage
commands. Basically I wanted to keep the same format when I was doing
some work on this. A lot of "semanage" commands are used in install,
rpm, setup scripts.
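
An added example, not part of the thread or of the semanage source: a sketch of how an argparse-based `fcontext` parser could stay backwards-compatible with `semanage fcontext -d -f -d /some/dir`, together with the kind of regression table discussed above. The parser layout, the `normalize` helper, the `FTYPES` set and the sample command lines are assumptions made for illustration.

```python
import argparse

# Assumption: the single-letter, ls-style file types the old -f/--ftype accepted.
FTYPES = {"-d", "-c", "-b", "-s", "-l", "-p"}

class Parser(argparse.ArgumentParser):
    def error(self, message):
        # Raise instead of exiting so a regression suite can catch rejections.
        raise ValueError(message)

def build_parser():
    # Hypothetical layout: one subparser per semanage subcommand.
    parser = Parser(prog="semanage")
    sub = parser.add_subparsers(dest="command")
    fc = sub.add_parser("fcontext")
    fc.add_argument("-d", "--delete", action="store_true")
    fc.add_argument("-f", "--ftype", default="")
    fc.add_argument("target")
    return parser

def normalize(argv):
    """Rewrite legacy '-f -d' / '--ftype -d' into the unambiguous '--ftype=-d'."""
    out, i = [], 0
    while i < len(argv):
        takes_type = argv[i] in ("-f", "--ftype") and i + 1 < len(argv)
        if takes_type and argv[i + 1] in FTYPES:
            out.append("--ftype=" + argv[i + 1])
            i += 2
        else:
            out.append(argv[i])
            i += 1
    return out

def as_tuple(argv):
    ns = build_parser().parse_args(normalize(argv))
    return (ns.delete, ns.ftype, ns.target)

# Constructed regression cases: legacy argv -> (delete, ftype, target).
CASES = [
    (["fcontext", "-d", "-f", "-d", "/some/dir"], (True, "-d", "/some/dir")),
    (["fcontext", "--ftype", "-c", "/dev/foo"], (False, "-c", "/dev/foo")),
    (["fcontext", "-d", "/some/dir"], (True, "", "/some/dir")),
]

def failing_cases():
    return [argv for argv, want in CASES if as_tuple(argv) != want]
```

Without `normalize`, argparse rejects the first case because the `-d` following `-f` looks like an option rather than a value.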

