* [PATCH v2 1/3] checkpolicy: remove a redundant if-condition @ 2019-10-19 10:26 Masatake YAMATO 2019-10-19 10:26 ` [PATCH v2 2/3] checkpolicy: update the description for -o option in the man page Masatake YAMATO 2019-10-19 10:26 ` [PATCH v2 3/3] checkpolicy: allow to write policy to stdout Masatake YAMATO 0 siblings, 2 replies; 4+ messages in thread From: Masatake YAMATO @ 2019-10-19 10:26 UTC (permalink / raw) To: selinux; +Cc: yamato Inner if-condition in following code is redundant: if (outfile) { /* ... just referring outfile ... */ if (outfile) { do_something(); } } We can simplify this to: if (outfile) { /* ... just referring outfile ... */ do_something(); } Signed-off-by: Masatake YAMATO <yamato@redhat.com> --- checkpolicy/checkpolicy.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index f928ec06..e18de171 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -682,9 +682,7 @@ int main(int argc, char **argv) } } - if (outfile) { - fclose(outfp); - } + fclose(outfp); } else if (cil) { fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]); exit(1); -- 2.21.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 2/3] checkpolicy: update the description for -o option in the man page 2019-10-19 10:26 [PATCH v2 1/3] checkpolicy: remove a redundant if-condition Masatake YAMATO @ 2019-10-19 10:26 ` Masatake YAMATO 2019-10-19 10:26 ` [PATCH v2 3/3] checkpolicy: allow to write policy to stdout Masatake YAMATO 1 sibling, 0 replies; 4+ messages in thread From: Masatake YAMATO @ 2019-10-19 10:26 UTC (permalink / raw) To: selinux; +Cc: yamato Write about policy.conf and CIL files. Signed-off-by: Masatake YAMATO <yamato@redhat.com> --- checkpolicy/checkpolicy.8 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 index 1552f497..db57751c 100644 --- a/checkpolicy/checkpolicy.8 +++ b/checkpolicy/checkpolicy.8 @@ -40,7 +40,8 @@ Enable the MLS policy when checking and compiling the policy. Specify the policy version, defaults to the latest. .TP .B \-o,\-\-output filename -Write a binary policy file to the specified filename. +Write a policy file (binary, policy.conf, or CIL policy) +to the specified filename. .TP .B \-S,\-\-sort Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. -- 2.21.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH v2 3/3] checkpolicy: allow to write policy to stdout 2019-10-19 10:26 [PATCH v2 1/3] checkpolicy: remove a redundant if-condition Masatake YAMATO 2019-10-19 10:26 ` [PATCH v2 2/3] checkpolicy: update the description for -o option in the man page Masatake YAMATO @ 2019-10-19 10:26 ` Masatake YAMATO 2019-10-22 12:27 ` Stephen Smalley 1 sibling, 1 reply; 4+ messages in thread From: Masatake YAMATO @ 2019-10-19 10:26 UTC (permalink / raw) To: selinux; +Cc: yamato If - is given as filename for -o option, checkpolicy writes the policy to standard output. This helps users to read policy.conf and/or CIL policy file with pager like less command: $ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less The users don't have to make a temporary file. /dev/stdout can be used instead. However, - reduces the number of typing for the purpose. Using - for standard output (and/or standard input) is popular convention. Change(s) in v2: * Check the availability of output stream only when opening a regualar file. Suggested by Stephen Smalley <sds@tycho.nsa.gov>. Signed-off-by: Masatake YAMATO <yamato@redhat.com> --- checkpolicy/checkpolicy.8 | 5 +++-- checkpolicy/checkpolicy.c | 22 +++++++++++++++------- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 index db57751c..bdfd6acd 100644 --- a/checkpolicy/checkpolicy.8 +++ b/checkpolicy/checkpolicy.8 @@ -3,7 +3,7 @@ checkpolicy \- SELinux policy compiler .SH SYNOPSIS .B checkpolicy -.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" .br .SH "DESCRIPTION" This manual page describes the @@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest. .TP .B \-o,\-\-output filename Write a policy file (binary, policy.conf, or CIL policy) -to the specified filename. +to the specified filename. If - is given as filename, +write it to standard output. .TP .B \-S,\-\-sort Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index e18de171..7c5b63f8 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c @@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) { printf ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] " - "[-c policyvers (%d-%d)] [-o output_file] [-S] " + "[-c policyvers (%d-%d)] [-o output_file|-] [-S] " "[-t target_platform (selinux,xen)] [-V] [input_file]\n", progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); exit(1); @@ -390,7 +390,8 @@ int main(int argc, char **argv) struct sepol_av_decision avd; class_datum_t *cladatum; const char *file = txtfile; - char ans[80 + 1], *outfile = NULL, *path, *fstype; + char ans[80 + 1], *path, *fstype; + const char *outfile = NULL; size_t scontext_len, pathlen; unsigned int i; unsigned int protocol, port; @@ -638,10 +639,15 @@ int main(int argc, char **argv) } if (outfile) { - outfp = fopen(outfile, "w"); - if (!outfp) { - perror(outfile); - exit(1); + if (!strcmp(outfile, "-")) { + outfp = stdout; + outfile = "<STDOUT>"; + } else { + outfp = fopen(outfile, "w"); + if (!outfp) { + perror(outfile); + exit(1); + } } policydb.policyvers = policyvers; @@ -682,7 +688,9 @@ int main(int argc, char **argv) } } - fclose(outfp); + if (outfp != stdout) { + fclose(outfp); + } } else if (cil) { fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]); exit(1); -- 2.21.0 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH v2 3/3] checkpolicy: allow to write policy to stdout 2019-10-19 10:26 ` [PATCH v2 3/3] checkpolicy: allow to write policy to stdout Masatake YAMATO @ 2019-10-22 12:27 ` Stephen Smalley 0 siblings, 0 replies; 4+ messages in thread From: Stephen Smalley @ 2019-10-22 12:27 UTC (permalink / raw) To: Masatake YAMATO, selinux On 10/19/19 6:26 AM, Masatake YAMATO wrote: > If - is given as filename for -o option, checkpolicy > writes the policy to standard output. This helps users > to read policy.conf and/or CIL policy file with pager > like less command: > > $ checkpolicy -M -F -b /sys/fs/selinux/policy -o - | less > > The users don't have to make a temporary file. > /dev/stdout can be used instead. However, - reduces the number of > typing for the purpose. Using - for standard output (and/or standard > input) is popular convention. > > Change(s) in v2: > * Check the availability of output stream only when opening > a regualar file. Suggested by Stephen Smalley <sds@tycho.nsa.gov>. > > Signed-off-by: Masatake YAMATO <yamato@redhat.com> Thanks, applied. > --- > checkpolicy/checkpolicy.8 | 5 +++-- > checkpolicy/checkpolicy.c | 22 +++++++++++++++------- > 2 files changed, 18 insertions(+), 9 deletions(-) > > diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8 > index db57751c..bdfd6acd 100644 > --- a/checkpolicy/checkpolicy.8 > +++ b/checkpolicy/checkpolicy.8 > @@ -3,7 +3,7 @@ > checkpolicy \- SELinux policy compiler > .SH SYNOPSIS > .B checkpolicy > -.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" > +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]" > .br > .SH "DESCRIPTION" > This manual page describes the > @@ -41,7 +41,8 @@ Specify the policy version, defaults to the latest. > .TP > .B \-o,\-\-output filename > Write a policy file (binary, policy.conf, or CIL policy) > -to the specified filename. > +to the specified filename. If - is given as filename, > +write it to standard output. > .TP > .B \-S,\-\-sort > Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc. > diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c > index e18de171..7c5b63f8 100644 > --- a/checkpolicy/checkpolicy.c > +++ b/checkpolicy/checkpolicy.c > @@ -112,7 +112,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname) > { > printf > ("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] " > - "[-c policyvers (%d-%d)] [-o output_file] [-S] " > + "[-c policyvers (%d-%d)] [-o output_file|-] [-S] " > "[-t target_platform (selinux,xen)] [-V] [input_file]\n", > progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); > exit(1); > @@ -390,7 +390,8 @@ int main(int argc, char **argv) > struct sepol_av_decision avd; > class_datum_t *cladatum; > const char *file = txtfile; > - char ans[80 + 1], *outfile = NULL, *path, *fstype; > + char ans[80 + 1], *path, *fstype; > + const char *outfile = NULL; > size_t scontext_len, pathlen; > unsigned int i; > unsigned int protocol, port; > @@ -638,10 +639,15 @@ int main(int argc, char **argv) > } > > if (outfile) { > - outfp = fopen(outfile, "w"); > - if (!outfp) { > - perror(outfile); > - exit(1); > + if (!strcmp(outfile, "-")) { > + outfp = stdout; > + outfile = "<STDOUT>"; > + } else { > + outfp = fopen(outfile, "w"); > + if (!outfp) { > + perror(outfile); > + exit(1); > + } > } > > policydb.policyvers = policyvers; > @@ -682,7 +688,9 @@ int main(int argc, char **argv) > } > } > > - fclose(outfp); > + if (outfp != stdout) { > + fclose(outfp); > + } > } else if (cil) { > fprintf(stderr, "%s: No file to write CIL was specified\n", argv[0]); > exit(1); > ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-10-22 12:27 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2019-10-19 10:26 [PATCH v2 1/3] checkpolicy: remove a redundant if-condition Masatake YAMATO 2019-10-19 10:26 ` [PATCH v2 2/3] checkpolicy: update the description for -o option in the man page Masatake YAMATO 2019-10-19 10:26 ` [PATCH v2 3/3] checkpolicy: allow to write policy to stdout Masatake YAMATO 2019-10-22 12:27 ` Stephen Smalley
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.