Cleaning up semanage
Miroslav Grepl
mgrepl at redhat.com
Sun Dec 16 20:21:07 UTC 2012
On 12/14/2012 05:48 PM, David Quigley wrote:
> On 12/14/2012 07:10, Daniel J Walsh wrote:
>>
>> On 12/13/2012 06:30 PM, David Quigley wrote:
>>> On 12/13/2012 14:13, David Quigley wrote:
>>>> On 12/13/2012 10:41, Konstantin Ryabitsev wrote:
>>>>> On Wed, Dec 12, 2012 at 10:03 PM, Dave Quigley
>>>>> <selinux at davequigley.com> wrote:
>>>>>> I'm actually going to try to pull together just the parsers without
>>>>>> any backend functionality to see how feasible this is and how it
>>>>>> looks. If we like how it looks and it's possible we can move forward
>>>>>> with it. I think that since --ftype is a longarg that argparse might
>>>>>> be able to handle it. If not then some manipulation of things might
>>>>>> be in order (like making an = between --ftype and the -d).
>>>>>
>>>>> Note that --ftype can be also written as -f. So, really, if you want to
>>>>> be fully backwards-compatible, you'll need to correctly parse the
>>>>> following:
>>>>>
>>>>> semanage fcontext -d -f -d /some/dir
>>>>>
>>>>> -- Konstantin Ryabitsev LinuxFoundation.org Montréal, Québec
>>>>
>>>>
>>>> Which brings up a good question. Is there a test suite we can use to
>>>> ensure that the new interface matches the old interface? A regression
>>>> suite for semanage would be very useful in this case. We could start with
>>>> everything failing and rebuild the interface one at a time until
>>>> everything passes again.
>>>> --
>>>> selinux mailing list
>>>> selinux at lists.fedoraproject.org
>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>>>
>>> I haven't typed in all of the help info yet but the link is to a pastebin
>>> with the usage information for the semanage login subcommand. I just need
>>> to get it to react that way when there are 0 arguments passed in as well.
>>> Right now it will print this when you type semanage login -h or --help. I
>>> want it to print this on semanage login with no arguments as well.
>>>
>>> http://pastebin.com/KTtNk0rC
>>
>> I love it. This has been on my long list of cleanups for a while, but we
>> never seem to get to it. I looked at this a while ago, and at the time the
>> hardest problem I saw was the fact that semanage without arguments was
>> difficult to do.
>>
>> Output local customizations
>> semanage [ -S store ] -o [ output_file | - ]
>>
>> Input local customizations
>> semanage [ -S store ] -i [ input_file | - ]
>>
>> argparser does not allow "optional arguments" like this.
>
> I agree that I'm not sure how possible it is to do that. It might be a
> good idea to change from semanage -i inputfile or semanage -o
> outputfile into semanage backup and semanage restore. Semantically
> those words make sense as a subcommand and makes it clear as to what
> it is actually doing. It's also easy to implement them.
>
>>
>> A cleanup of the man page would also be great. The new sepolicy tool suite is
>> using argparse and separate man pages for each subcommand, and I really like it.
>
> Yea I agree that a manpage for semanage-port semanage-fcontext etc is
> the way to go.
>
>>
>> I think bash-completion eliminates the need for semanage-fcontext, since you
>> can do:
>>
>> semanage <tab><tab>
>> boolean fcontext login node port
>> dontaudit interface module permissive user
>>
>
> I agree. It wasn't clear to me if doing this had any real benefit. If
> we didn't have bash completion it might have but now that we do I
> don't see a need for it.
>
> Dave
I agree with all. Basically it can be done with some news in semanage
commands. Basically I wanted to keep the same format when I was doing
some work on this. A lot of "semanage" commands are used in install,
rpm, setup scripts.
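
The backward-compatibility case raised in the thread, `semanage fcontext -d -f -d /some/dir`, as an added example that is not part of the original messages or of semanage itself: stock argparse rejects `-f -d` because `-d` is also a registered option, so a small shim joins the pair into `--ftype=-d` before parsing. The parser, the `normalize_ftype` helper and the file-type values other than `-d` are assumptions made for illustration.

```python
import argparse

# Assumed legacy values for -f/--ftype; only "-d" appears in the thread.
LEGACY_FTYPES = {"-d", "-c", "-b", "-s", "-l", "-p"}


def build_parser():
    """Hypothetical stand-in for an argparse-based 'semanage fcontext' parser."""
    parser = argparse.ArgumentParser(prog="semanage fcontext")
    parser.add_argument("-d", "--delete", action="store_true")
    parser.add_argument("-f", "--ftype", choices=sorted(LEGACY_FTYPES))
    parser.add_argument("file_spec")
    return parser


def normalize_ftype(argv):
    """Join '-f <type>' into '--ftype=<type>' so argparse sees one token."""
    out, i = [], 0
    while i < len(argv):
        tok = argv[i]
        nxt = argv[i + 1] if i + 1 < len(argv) else None
        if tok in ("-f", "--ftype") and nxt in LEGACY_FTYPES:
            out.append("--ftype=" + nxt)
            i += 2
        else:
            out.append(tok)
            i += 1
    return out


def parse_plain(argv):
    """Parse without the shim; returns None when argparse rejects the line."""
    try:
        return build_parser().parse_args(argv)
    except SystemExit:  # argparse reports the error on stderr, then exits
        return None


def parse_compat(argv):
    """Parse with the legacy -f handling applied first."""
    return build_parser().parse_args(normalize_ftype(argv))


if __name__ == "__main__":
    legacy = ["-d", "-f", "-d", "/some/dir"]  # command line from the thread
    print("plain :", parse_plain(legacy))
    print("compat:", parse_compat(legacy))
```

Running a table of such legacy command lines through `parse_compat` is one way to build the regression suite asked for earlier in the thread, since install and rpm scripts depend on the old syntax.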