* [PATCH v2 1/3] checkpolicy: remove a redundant if-condition
@ 2019-10-19 10:26 Masatake YAMATO
2019-10-19 10:26 ` [PATCH v2 2/3] checkpolicy: update the description for -o option in the man page Masatake YAMATO
2019-10-19 10:26 ` [PATCH v2 3/3] checkpolicy: allow to write policy to stdout Masatake YAMATO
0 siblings, 2 replies; 4+ messages in thread
From: Masatake YAMATO @ 2019-10-19 10:26 UTC (permalink / raw)
To: selinux; +Cc: yamato
The inner if-condition in the following code is redundant:

    if (outfile) {
        /* ... just referring outfile ... */
        if (outfile) {
            do_something();
        }
    }

We can simplify this to:

    if (outfile) {
        /* ... just referring outfile ... */
        do_something();
    }
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
checkpolicy/checkpolicy.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index f928ec06..e18de171 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -682,9 +682,7 @@ int main(int argc, char **argv)
}
}
- if (outfile) {
- fclose(outfp);
- }
+ fclose(outfp);
} else if (cil) {
fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]);
exit(1);
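Review bot: the now-unconditional fclose(outfp) at the end of the if (outfile) block still discards its return value. With buffered stdio a write failure (a full filesystem, for example) can first surface when the stream is flushed at close, so a truncated policy file would go unreported by this block. Since the line is being touched anyway, consider checking it: if (fclose(outfp)) { perror(outfile); exit(1); }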
--
2.21.0
* [PATCH v2 2/3] checkpolicy: update the description for -o option in the man page
From: Masatake YAMATO @ 2019-10-19 10:26 UTC (permalink / raw)
To: selinux; +Cc: yamato
Write about policy.conf and CIL files.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
checkpolicy/checkpolicy.8 | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index 1552f497..db57751c 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -40,7 +40,8 @@ Enable the MLS policy when checking and compiling the policy.
Specify the policy version, defaults to the latest.
.TP
.B \-o,\-\-output filename
-Write a binary policy file to the specified filename.
+Write a policy file (binary, policy.conf, or CIL policy)
+to the specified filename.
.TP
.B \-S,\-\-sort
Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
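Review bot: the new -o text lists three output formats (binary, policy.conf, CIL) without saying what selects each one, and the \-S entry directly below still speaks only of "the binary policy". Consider naming the options that produce policy.conf and CIL output in this entry, so a reader does not have to infer them from the synopsis.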
--
2.21.0
* [PATCH v2 3/3] checkpolicy: allow to write policy to stdout
From: Masatake YAMATO @ 2019-10-19 10:26 UTC (permalink / raw)
To: selinux; +Cc: yamato
If - is given as the filename for the -o option, checkpolicy
writes the policy to standard output. This helps users
to read policy.conf and/or CIL policy files with a pager
like the less command:
$ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less
The users don't have to make a temporary file.
/dev/stdout can be used instead. However, - reduces the amount of
typing for the purpose. Using - for standard output (and/or standard
input) is a popular convention.
Change(s) in v2:
* Check the availability of output stream only when opening
a regular file. Suggested by Stephen Smalley <sds@tycho.nsa.gov>.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
checkpolicy/checkpolicy.8 | 5 +++--
checkpolicy/checkpolicy.c | 22 +++++++++++++++-------
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index db57751c..bdfd6acd 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -3,7 +3,7 @@
checkpolicy \- SELinux policy compiler
.SH SYNOPSIS
.B checkpolicy
-.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
+.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
.br
.SH "DESCRIPTION"
This manual page describes the
@@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest.
.TP
.B \-o,\-\-output filename
Write a policy file (binary, policy.conf, or CIL policy)
-to the specified filename.
+to the specified filename. If - is given as filename,
+write it to standard output.
.TP
.B \-S,\-\-sort
Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
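Review bot: the added sentence "If - is given as filename," writes the argument as a bare - while the .B line of this entry and the synopsis use \- for a literal hyphen-minus; use \- here as well so it renders and copies as ASCII "-". It would also help to say that a file literally named - can still be written by giving it as ./-, since the strcmp() special case in checkpolicy.c matches only the exact string "-".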
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index e18de171..7c5b63f8 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
{
printf
("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
- "[-c policyvers (%d-%d)] [-o output_file] [-S] "
+ "[-c policyvers (%d-%d)] [-o output_file|-] [-S] "
"[-t target_platform (selinux,xen)] [-V] [input_file]\n",
progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
exit(1);
@@ -390,7 +390,8 @@ int main(int argc, char **argv)
struct sepol_av_decision avd;
class_datum_t *cladatum;
const char *file = txtfile;
- char ans[80 + 1], *outfile = NULL, *path, *fstype;
+ char ans[80 + 1], *path, *fstype;
+ const char *outfile = NULL;
size_t scontext_len, pathlen;
unsigned int i;
unsigned int protocol, port;
@@ -638,10 +639,15 @@ int main(int argc, char **argv)
}
if (outfile) {
- outfp = fopen(outfile, "w");
- if (!outfp) {
- perror(outfile);
- exit(1);
+ if (!strcmp(outfile, "-")) {
+ outfp = stdout;
+ outfile = "<STDOUT>";
+ } else {
+ outfp = fopen(outfile, "w");
+ if (!outfp) {
+ perror(outfile);
+ exit(1);
+ }
}
policydb.policyvers = policyvers;
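Review bot: in the new "-" branch, outfile = "<STDOUT>"; overwrites the user-supplied argument with a display label, so outfile means "path" in one branch and "name for messages" in the other. Leave outfile untouched and use a separate variable (or test outfp == stdout) wherever a printable name is needed, so that later code treating outfile as a path cannot be handed the label by mistake.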
@@ -682,7 +688,9 @@ int main(int argc, char **argv)
}
}
- fclose(outfp);
+ if (outfp != stdout) {
+ fclose(outfp);
+ }
} else if (cil) {
fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]);
exit(1);
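Review bot: when outfp is stdout this block now skips fclose(), and the visible lines add no fflush() or ferror() check in its place, so a failed write to a redirected or piped stdout is not detected here. Add an explicit check for the stdout case, for example if (fflush(outfp) || ferror(outfp)) { perror(outfile); exit(1); }, and check the fclose() return value in the regular-file case as well.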
--
2.21.0
* Re: [PATCH v2 3/3] checkpolicy: allow to write policy to stdout
From: Stephen Smalley @ 2019-10-22 12:27 UTC (permalink / raw)
To: Masatake YAMATO, selinux
On 10/19/19 6:26 AM, Masatake YAMATO wrote:
> If - is given as the filename for the -o option, checkpolicy
> writes the policy to standard output. This helps users
> to read policy.conf and/or CIL policy files with a pager
> like the less command:
>
> $ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less
>
> The users don't have to make a temporary file.
> /dev/stdout can be used instead. However, - reduces the amount of
> typing for the purpose. Using - for standard output (and/or standard
> input) is a popular convention.
>
> Change(s) in v2:
> * Check the availability of output stream only when opening
> a regular file. Suggested by Stephen Smalley <sds@tycho.nsa.gov>.
>
> Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Thanks, applied.
> ---
> checkpolicy/checkpolicy.8 | 5 +++--
> checkpolicy/checkpolicy.c | 22 +++++++++++++++-------
> 2 files changed, 18 insertions(+), 9 deletions(-)
>
> diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
> index db57751c..bdfd6acd 100644
> --- a/checkpolicy/checkpolicy.8
> +++ b/checkpolicy/checkpolicy.8
> @@ -3,7 +3,7 @@
> checkpolicy \- SELinux policy compiler
> .SH SYNOPSIS
> .B checkpolicy
> -.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
> +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
> .br
> .SH "DESCRIPTION"
> This manual page describes the
> @@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest.
> .TP
> .B \-o,\-\-output filename
> Write a policy file (binary, policy.conf, or CIL policy)
> -to the specified filename.
> +to the specified filename. If - is given as filename,
> +write it to standard output.
> .TP
> .B \-S,\-\-sort
> Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
> diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
> index e18de171..7c5b63f8 100644
> --- a/checkpolicy/checkpolicy.c
> +++ b/checkpolicy/checkpolicy.c
> @@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
> {
> printf
> ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
> - "[-c policyvers (%d-%d)] [-o output_file] [-S] "
> + "[-c policyvers (%d-%d)] [-o output_file|-] [-S] "
> "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
> progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
> exit(1);
> @@ -390,7 +390,8 @@ int main(int argc, char **argv)
> struct sepol_av_decision avd;
> class_datum_t *cladatum;
> const char *file = txtfile;
> - char ans[80 + 1], *outfile = NULL, *path, *fstype;
> + char ans[80 + 1], *path, *fstype;
> + const char *outfile = NULL;
> size_t scontext_len, pathlen;
> unsigned int i;
> unsigned int protocol, port;
> @@ -638,10 +639,15 @@ int main(int argc, char **argv)
> }
>
> if (outfile) {
> - outfp = fopen(outfile, "w");
> - if (!outfp) {
> - perror(outfile);
> - exit(1);
> + if (!strcmp(outfile, "-")) {
> + outfp = stdout;
> + outfile = "<STDOUT>";
> + } else {
> + outfp = fopen(outfile, "w");
> + if (!outfp) {
> + perror(outfile);
> + exit(1);
> + }
> }
>
> policydb.policyvers = policyvers;
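Review bot: the "-" branch assigns outfp = stdout without checking what stdout is attached to, while the man page hunk above lists binary as one of the formats -o can write. A binary policy written to an interactive terminal is unreadable and can garble the terminal state; consider failing with an error when the output is binary and isatty(fileno(stdout)) is true.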
> @@ -682,7 +688,9 @@ int main(int argc, char **argv)
> }
> }
>
> - fclose(outfp);
> + if (outfp != stdout) {
> + fclose(outfp);
> + }
> } else if (cil) {
> fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]);
> exit(1);
>