From: Masatake YAMATO <yamato@redhat.com>
To: selinux@vger.kernel.org
Cc: yamato@redhat.com
Subject: [PATCH 4/5] dispol: introduce -b option to run commands in batch
Date: Tue, 8 Oct 2019 15:44:59 +0900 [thread overview]
Message-ID: <20191008064500.8651-6-yamato@redhat.com> (raw)
In-Reply-To: <20191008064500.8651-1-yamato@redhat.com>
dispol command requires interaction. It not suitable for using
in a script. This change introduces -b that is for running
dispol in non-interactively.
An example:
$ ./dispol -b 1 /sys/fs/selinux/policy
allow deltacloudd_log_t tmp_t : filesystem { associate };
allow kern_unconfined sysctl_type : lnk_file { ioctl read ...
...
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
---
checkpolicy/test/dispol.c | 49 ++++++++++++++++++++++++++++++---------
1 file changed, 38 insertions(+), 11 deletions(-)
diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
index 26bbba7a..0eaa830a 100644
--- a/checkpolicy/test/dispol.c
+++ b/checkpolicy/test/dispol.c
@@ -39,7 +39,7 @@ static policydb_t policydb;
static __attribute__((__noreturn__)) void usage(const char *progname,
int status)
{
- printf("usage: %s [-h] binary_pol_file\n\n", progname);
+ printf("usage: %s [-h] [-b cmds] binary_pol_file\n\n", progname);
exit(status);
}
@@ -395,14 +395,21 @@ int main(int argc, char **argv)
int state;
struct policy_file pf;
char *pf_name;
+ char *cmds = NULL;
if (argc <= 1)
usage(argv[0], 1);
else if (strcmp(argv[1], "-h") == 0)
usage(argv[0], 0);
- else if (argc != 2)
+ else if (strcmp(argv[1], "-b") == 0) {
+ if (argc != 4)
+ usage(argv[0], 1);
+ cmds = argv[2];
+ pf_name = argv[3];
+ } else if (argc == 2)
+ pf_name = argv[1];
+ else
usage(argv[0], 1);
- pf_name = argv[1];
fd = open(pf_name, O_RDONLY);
if (fd < 0) {
@@ -424,7 +431,8 @@ int main(int argc, char **argv)
}
/* read the binary policy */
- fprintf(out_fp, "Reading policy...\n");
+ if (!cmds)
+ fprintf(out_fp, "Reading policy...\n");
policy_file_init(&pf);
pf.type = PF_USE_MEMORY;
pf.data = map;
@@ -433,7 +441,7 @@ int main(int argc, char **argv)
fprintf(stderr, "%s: Out of memory!\n", argv[0]);
exit(1);
}
- ret = policydb_read(&policydb, &pf, 1);
+ ret = policydb_read(&policydb, &pf, cmds == NULL);
if (ret) {
fprintf(stderr,
"%s: error(s) encountered while parsing configuration\n",
@@ -441,16 +449,30 @@ int main(int argc, char **argv)
exit(1);
}
- fprintf(stdout, "binary policy file loaded\n\n");
+ if (!cmds)
+ fprintf(stdout, "binary policy file loaded\n\n");
close(fd);
- menu();
+ if (!cmds)
+ menu();
for (;;) {
- printf("\nCommand (\'m\' for menu): ");
- if (fgets(ans, sizeof(ans), stdin) == NULL) {
- fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
+ if (cmds) {
+ ans[0] = *cmds++;
+ if (ans[0] == '\0')
+ ans[0] = 'q';
+ else if (strchr("7fm", ans[0])) {
+ fprintf(stderr,
+ "Unacceptable command in batch mode: %c\n",
+ ans[0]);
+ exit(1);
+ }
+ } else {
+ printf("\nCommand (\'m\' for menu): ");
+ if (fgets(ans, sizeof(ans), stdin) == NULL) {
+ fprintf(stderr, "fgets failed at line %d: %s\n", __LINE__,
strerror(errno));
- continue;
+ continue;
+ }
}
switch (ans[0]) {
@@ -551,6 +573,11 @@ int main(int argc, char **argv)
menu();
break;
default:
+ if (cmds) {
+ fprintf(stderr,
+ "Invalid command: %c\n", ans[0]);
+ exit(1);
+ }
printf("\nInvalid choice\n");
menu();
break;
--
2.21.0
next prev parent reply other threads:[~2019-10-08 6:54 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-08 6:44 [PATCH 0/5] dispol: add batch execution mode Masatake YAMATO
2019-10-08 6:44 ` [PATCH 1/5] dispol: extend usage() to take error code as an argument Masatake YAMATO
2019-10-08 6:44 ` [PATCH 1/5] dispol: extend usage() to take exit status Masatake YAMATO
2019-10-08 14:03 ` Stephen Smalley
2019-10-08 6:44 ` [PATCH 2/5] dispol: add an option for printing the command usage Masatake YAMATO
2019-10-09 14:41 ` [Non-DoD Source] " Stephen Smalley
2019-10-08 6:44 ` [PATCH 3/5] dispol: introduce a local variable representing the input file Masatake YAMATO
2019-10-08 6:44 ` Masatake YAMATO [this message]
2019-10-08 6:45 ` [PATCH 5/5] dispol: add the list of commands for batch mode to help message Masatake YAMATO
2019-10-08 12:48 ` [PATCH 0/5] dispol: add batch execution mode Stephen Smalley
2019-10-08 14:31 ` Stephen Smalley
2019-10-17 7:12 ` Masatake YAMATO
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191008064500.8651-6-yamato@redhat.com \
--to=yamato@redhat.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).