[PATCH] checkpolicy: Add -S option to manpage

[PATCH] checkpolicy: Add -S option to manpage

[Vit Mojzis]

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 checkpolicy/checkpolicy.8 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index 1c8805d5..a3e4acc0 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -39,6 +39,9 @@ Write a binary policy file to the specified filename.
 .B \-c policyvers
 Specify the policy version, defaults to the latest.
 .TP
+.B \-S,\-\-sort
+Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
+.TP
 .B \-t,\-\-target
 Specify the target platform (selinux or xen).
 .TP
-- 
2.17.2

Re: [PATCH] checkpolicy: Add -S option to manpage

[Nicolas Iooss]

On Tue, Feb 5, 2019 at 9:56 AM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Thanks for your patch. Nevertheless the synopsis of the command in the
man page is still incomplete. Could you please update it too, and
while at it add the missing flags that are already documented in the
manpage too?

Nicolas

> ---
>  checkpolicy/checkpolicy.8 | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
> index 1c8805d5..a3e4acc0 100644
> --- a/checkpolicy/checkpolicy.8
> +++ b/checkpolicy/checkpolicy.8
> @@ -39,6 +39,9 @@ Write a binary policy file to the specified filename.
>  .B \-c policyvers
>  Specify the policy version, defaults to the latest.
>  .TP
> +.B \-S,\-\-sort
> +Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
> +.TP
>  .B \-t,\-\-target
>  Specify the target platform (selinux or xen).
>  .TP
> --
> 2.17.2
>

[PATCH] checkpolicy: Update manpage

[Vit Mojzis]

- Add description of -S option
- Sort the option descriptions based on the synopsis
- Add missing options to synopsis

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 checkpolicy/checkpolicy.8 | 19 +++++++++++--------
 checkpolicy/checkpolicy.c |  2 +-
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index 1c8805d5..8f7dad41 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -3,7 +3,7 @@
 checkpolicy \- SELinux policy compiler
 .SH SYNOPSIS
 .B checkpolicy
-.I "[\-b[F]] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
+.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
 .br
 .SH "DESCRIPTION"
 This manual page describes the
@@ -21,30 +21,33 @@ policy.conf or policy, depending on whether the \-b flag is specified.
 .B \-b,\-\-binary
 Read an existing binary policy file rather than a source policy.conf file.
 .TP
+.B \-F,\-\-conf
+Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
+.TP
 .B \-C,\-\-cil
 Write CIL policy file rather than binary policy file.
 .TP
 .B \-d,\-\-debug
 Enter debug mode after loading the policy.
 .TP
-.B \-F,\-\-conf
-Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
+.B \-U,\-\-handle-unknown <action>
+Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
 .TP
 .B \-M,\-\-mls
 Enable the MLS policy when checking and compiling the policy.
 .TP
+.B \-c policyvers
+Specify the policy version, defaults to the latest.
+.TP
 .B \-o,\-\-output filename
 Write a binary policy file to the specified filename.
 .TP
-.B \-c policyvers
-Specify the policy version, defaults to the latest.
+.B \-S,\-\-sort
+Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
 .TP
 .B \-t,\-\-target
 Specify the target platform (selinux or xen).
 .TP
-.B \-U,\-\-handle-unknown <action>
-Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
-.TP
 .B \-V,\-\-version
 Show version information.
 .TP
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 14dc91a3..e0a00f7c 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -113,7 +113,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
 	printf
 	    ("usage:  %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
 	     "[-c policyvers (%d-%d)] [-o output_file] [-S] "
-	     "[-t target_platform (selinux,xen)] [input_file]\n",
+	     "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
 	     progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
 	exit(1);
 }
-- 
2.17.2

Re: [PATCH] checkpolicy: Update manpage

[Nicolas Iooss]

On Thu, Feb 7, 2019 at 11:25 AM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> - Add description of -S option
> - Sort the option descriptions based on the synopsis
> - Add missing options to synopsis
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> ---
>  checkpolicy/checkpolicy.8 | 19 +++++++++++--------
>  checkpolicy/checkpolicy.c |  2 +-
>  2 files changed, 12 insertions(+), 9 deletions(-)
>
> diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
> index 1c8805d5..8f7dad41 100644
> --- a/checkpolicy/checkpolicy.8
> +++ b/checkpolicy/checkpolicy.8
> @@ -3,7 +3,7 @@
>  checkpolicy \- SELinux policy compiler
>  .SH SYNOPSIS
>  .B checkpolicy
> -.I "[\-b[F]] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
> +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
>  .br
>  .SH "DESCRIPTION"
>  This manual page describes the
> @@ -21,30 +21,33 @@ policy.conf or policy, depending on whether the \-b flag is specified.
>  .B \-b,\-\-binary
>  Read an existing binary policy file rather than a source policy.conf file.
>  .TP
> +.B \-F,\-\-conf
> +Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
> +.TP
>  .B \-C,\-\-cil
>  Write CIL policy file rather than binary policy file.
>  .TP
>  .B \-d,\-\-debug
>  Enter debug mode after loading the policy.
>  .TP
> -.B \-F,\-\-conf
> -Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
> +.B \-U,\-\-handle-unknown <action>
> +Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
>  .TP
>  .B \-M,\-\-mls
>  Enable the MLS policy when checking and compiling the policy.
>  .TP
> +.B \-c policyvers
> +Specify the policy version, defaults to the latest.
> +.TP
>  .B \-o,\-\-output filename
>  Write a binary policy file to the specified filename.
>  .TP
> -.B \-c policyvers
> -Specify the policy version, defaults to the latest.
> +.B \-S,\-\-sort
> +Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
>  .TP
>  .B \-t,\-\-target
>  Specify the target platform (selinux or xen).
>  .TP
> -.B \-U,\-\-handle-unknown <action>
> -Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
> -.TP
>  .B \-V,\-\-version
>  Show version information.
>  .TP
> diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
> index 14dc91a3..e0a00f7c 100644
> --- a/checkpolicy/checkpolicy.c
> +++ b/checkpolicy/checkpolicy.c
> @@ -113,7 +113,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
>         printf
>             ("usage:  %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
>              "[-c policyvers (%d-%d)] [-o output_file] [-S] "
> -            "[-t target_platform (selinux,xen)] [input_file]\n",
> +            "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
>              progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
>         exit(1);
>  }
> --
> 2.17.2
>

Re: [PATCH] checkpolicy: Update manpage

[Nicolas Iooss]

On Thu, Feb 7, 2019 at 10:03 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Thu, Feb 7, 2019 at 11:25 AM Vit Mojzis <vmojzis@redhat.com> wrote:
> >
> > - Add description of -S option
> > - Sort the option descriptions based on the synopsis
> > - Add missing options to synopsis
> >
> > Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
>
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Merged.

Nicolas

> > ---
> >  checkpolicy/checkpolicy.8 | 19 +++++++++++--------
> >  checkpolicy/checkpolicy.c |  2 +-
> >  2 files changed, 12 insertions(+), 9 deletions(-)
> >
> > diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
> > index 1c8805d5..8f7dad41 100644
> > --- a/checkpolicy/checkpolicy.8
> > +++ b/checkpolicy/checkpolicy.8
> > @@ -3,7 +3,7 @@
> >  checkpolicy \- SELinux policy compiler
> >  .SH SYNOPSIS
> >  .B checkpolicy
> > -.I "[\-b[F]] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
> > +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
> >  .br
> >  .SH "DESCRIPTION"
> >  This manual page describes the
> > @@ -21,30 +21,33 @@ policy.conf or policy, depending on whether the \-b flag is specified.
> >  .B \-b,\-\-binary
> >  Read an existing binary policy file rather than a source policy.conf file.
> >  .TP
> > +.B \-F,\-\-conf
> > +Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
> > +.TP
> >  .B \-C,\-\-cil
> >  Write CIL policy file rather than binary policy file.
> >  .TP
> >  .B \-d,\-\-debug
> >  Enter debug mode after loading the policy.
> >  .TP
> > -.B \-F,\-\-conf
> > -Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
> > +.B \-U,\-\-handle-unknown <action>
> > +Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
> >  .TP
> >  .B \-M,\-\-mls
> >  Enable the MLS policy when checking and compiling the policy.
> >  .TP
> > +.B \-c policyvers
> > +Specify the policy version, defaults to the latest.
> > +.TP
> >  .B \-o,\-\-output filename
> >  Write a binary policy file to the specified filename.
> >  .TP
> > -.B \-c policyvers
> > -Specify the policy version, defaults to the latest.
> > +.B \-S,\-\-sort
> > +Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
> >  .TP
> >  .B \-t,\-\-target
> >  Specify the target platform (selinux or xen).
> >  .TP
> > -.B \-U,\-\-handle-unknown <action>
> > -Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
> > -.TP
> >  .B \-V,\-\-version
> >  Show version information.
> >  .TP
> > diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
> > index 14dc91a3..e0a00f7c 100644
> > --- a/checkpolicy/checkpolicy.c
> > +++ b/checkpolicy/checkpolicy.c
> > @@ -113,7 +113,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
> >         printf
> >             ("usage:  %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
> >              "[-c policyvers (%d-%d)] [-o output_file] [-S] "
> > -            "[-t target_platform (selinux,xen)] [input_file]\n",
> > +            "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
> >              progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
> >         exit(1);
> >  }
> > --
> > 2.17.2
> >