SELinux Archive on lore.kernel.org
 help / Atom feed
* [PATCH] checkpolicy: Add -S option to manpage
@ 2019-02-05  8:56 Vit Mojzis
  2019-02-06 20:59 ` Nicolas Iooss
  0 siblings, 1 reply; 5+ messages in thread
From: Vit Mojzis @ 2019-02-05  8:56 UTC (permalink / raw)
  To: selinux

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 checkpolicy/checkpolicy.8 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index 1c8805d5..a3e4acc0 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -39,6 +39,9 @@ Write a binary policy file to the specified filename.
 .B \-c policyvers
 Specify the policy version, defaults to the latest.
 .TP
+.B \-S,\-\-sort
+Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
+.TP
 .B \-t,\-\-target
 Specify the target platform (selinux or xen).
 .TP
-- 
2.17.2


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] checkpolicy: Add -S option to manpage
  2019-02-05  8:56 [PATCH] checkpolicy: Add -S option to manpage Vit Mojzis
@ 2019-02-06 20:59 ` Nicolas Iooss
  2019-02-07 10:25   ` [PATCH] checkpolicy: Update manpage Vit Mojzis
  0 siblings, 1 reply; 5+ messages in thread
From: Nicolas Iooss @ 2019-02-06 20:59 UTC (permalink / raw)
  To: Vit Mojzis; +Cc: selinux

On Tue, Feb 5, 2019 at 9:56 AM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Thanks for your patch. Nevertheless the synopsis of the command in the
man page is still incomplete. Could you please update it too, and
while at it add the missing flags that are already documented in the
manpage too?

Nicolas

> ---
>  checkpolicy/checkpolicy.8 | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
> index 1c8805d5..a3e4acc0 100644
> --- a/checkpolicy/checkpolicy.8
> +++ b/checkpolicy/checkpolicy.8
> @@ -39,6 +39,9 @@ Write a binary policy file to the specified filename.
>  .B \-c policyvers
>  Specify the policy version, defaults to the latest.
>  .TP
> +.B \-S,\-\-sort
> +Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
> +.TP
>  .B \-t,\-\-target
>  Specify the target platform (selinux or xen).
>  .TP
> --
> 2.17.2
>


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [PATCH] checkpolicy: Update manpage
  2019-02-06 20:59 ` Nicolas Iooss
@ 2019-02-07 10:25   ` Vit Mojzis
  2019-02-07 21:03     ` Nicolas Iooss
  0 siblings, 1 reply; 5+ messages in thread
From: Vit Mojzis @ 2019-02-07 10:25 UTC (permalink / raw)
  To: selinux

- Add description of -S option
- Sort the option descriptions based on the synopsis
- Add missing options to synopsis

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 checkpolicy/checkpolicy.8 | 19 +++++++++++--------
 checkpolicy/checkpolicy.c |  2 +-
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index 1c8805d5..8f7dad41 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -3,7 +3,7 @@
 checkpolicy \- SELinux policy compiler
 .SH SYNOPSIS
 .B checkpolicy
-.I "[\-b[F]] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
+.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
 .br
 .SH "DESCRIPTION"
 This manual page describes the
@@ -21,30 +21,33 @@ policy.conf or policy, depending on whether the \-b flag is specified.
 .B \-b,\-\-binary
 Read an existing binary policy file rather than a source policy.conf file.
 .TP
+.B \-F,\-\-conf
+Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
+.TP
 .B \-C,\-\-cil
 Write CIL policy file rather than binary policy file.
 .TP
 .B \-d,\-\-debug
 Enter debug mode after loading the policy.
 .TP
-.B \-F,\-\-conf
-Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
+.B \-U,\-\-handle-unknown <action>
+Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
 .TP
 .B \-M,\-\-mls
 Enable the MLS policy when checking and compiling the policy.
 .TP
+.B \-c policyvers
+Specify the policy version, defaults to the latest.
+.TP
 .B \-o,\-\-output filename
 Write a binary policy file to the specified filename.
 .TP
-.B \-c policyvers
-Specify the policy version, defaults to the latest.
+.B \-S,\-\-sort
+Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
 .TP
 .B \-t,\-\-target
 Specify the target platform (selinux or xen).
 .TP
-.B \-U,\-\-handle-unknown <action>
-Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
-.TP
 .B \-V,\-\-version
 Show version information.
 .TP
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 14dc91a3..e0a00f7c 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -113,7 +113,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
 	printf
 	    ("usage:  %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
 	     "[-c policyvers (%d-%d)] [-o output_file] [-S] "
-	     "[-t target_platform (selinux,xen)] [input_file]\n",
+	     "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
 	     progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
 	exit(1);
 }
-- 
2.17.2


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] checkpolicy: Update manpage
  2019-02-07 10:25   ` [PATCH] checkpolicy: Update manpage Vit Mojzis
@ 2019-02-07 21:03     ` Nicolas Iooss
  2019-02-10 16:49       ` Nicolas Iooss
  0 siblings, 1 reply; 5+ messages in thread
From: Nicolas Iooss @ 2019-02-07 21:03 UTC (permalink / raw)
  To: Vit Mojzis; +Cc: selinux

On Thu, Feb 7, 2019 at 11:25 AM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> - Add description of -S option
> - Sort the option descriptions based on the synopsis
> - Add missing options to synopsis
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> ---
>  checkpolicy/checkpolicy.8 | 19 +++++++++++--------
>  checkpolicy/checkpolicy.c |  2 +-
>  2 files changed, 12 insertions(+), 9 deletions(-)
>
> diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
> index 1c8805d5..8f7dad41 100644
> --- a/checkpolicy/checkpolicy.8
> +++ b/checkpolicy/checkpolicy.8
> @@ -3,7 +3,7 @@
>  checkpolicy \- SELinux policy compiler
>  .SH SYNOPSIS
>  .B checkpolicy
> -.I "[\-b[F]] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
> +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
>  .br
>  .SH "DESCRIPTION"
>  This manual page describes the
> @@ -21,30 +21,33 @@ policy.conf or policy, depending on whether the \-b flag is specified.
>  .B \-b,\-\-binary
>  Read an existing binary policy file rather than a source policy.conf file.
>  .TP
> +.B \-F,\-\-conf
> +Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
> +.TP
>  .B \-C,\-\-cil
>  Write CIL policy file rather than binary policy file.
>  .TP
>  .B \-d,\-\-debug
>  Enter debug mode after loading the policy.
>  .TP
> -.B \-F,\-\-conf
> -Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
> +.B \-U,\-\-handle-unknown <action>
> +Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
>  .TP
>  .B \-M,\-\-mls
>  Enable the MLS policy when checking and compiling the policy.
>  .TP
> +.B \-c policyvers
> +Specify the policy version, defaults to the latest.
> +.TP
>  .B \-o,\-\-output filename
>  Write a binary policy file to the specified filename.
>  .TP
> -.B \-c policyvers
> -Specify the policy version, defaults to the latest.
> +.B \-S,\-\-sort
> +Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
>  .TP
>  .B \-t,\-\-target
>  Specify the target platform (selinux or xen).
>  .TP
> -.B \-U,\-\-handle-unknown <action>
> -Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
> -.TP
>  .B \-V,\-\-version
>  Show version information.
>  .TP
> diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
> index 14dc91a3..e0a00f7c 100644
> --- a/checkpolicy/checkpolicy.c
> +++ b/checkpolicy/checkpolicy.c
> @@ -113,7 +113,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
>         printf
>             ("usage:  %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
>              "[-c policyvers (%d-%d)] [-o output_file] [-S] "
> -            "[-t target_platform (selinux,xen)] [input_file]\n",
> +            "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
>              progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
>         exit(1);
>  }
> --
> 2.17.2
>


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH] checkpolicy: Update manpage
  2019-02-07 21:03     ` Nicolas Iooss
@ 2019-02-10 16:49       ` Nicolas Iooss
  0 siblings, 0 replies; 5+ messages in thread
From: Nicolas Iooss @ 2019-02-10 16:49 UTC (permalink / raw)
  To: Vit Mojzis; +Cc: selinux

On Thu, Feb 7, 2019 at 10:03 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Thu, Feb 7, 2019 at 11:25 AM Vit Mojzis <vmojzis@redhat.com> wrote:
> >
> > - Add description of -S option
> > - Sort the option descriptions based on the synopsis
> > - Add missing options to synopsis
> >
> > Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
>
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Merged.

Nicolas

> > ---
> >  checkpolicy/checkpolicy.8 | 19 +++++++++++--------
> >  checkpolicy/checkpolicy.c |  2 +-
> >  2 files changed, 12 insertions(+), 9 deletions(-)
> >
> > diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
> > index 1c8805d5..8f7dad41 100644
> > --- a/checkpolicy/checkpolicy.8
> > +++ b/checkpolicy/checkpolicy.8
> > @@ -3,7 +3,7 @@
> >  checkpolicy \- SELinux policy compiler
> >  .SH SYNOPSIS
> >  .B checkpolicy
> > -.I "[\-b[F]] [\-C] [\-d] [\-M] [\-c policyvers] [\-o output_file] [input_file]"
> > +.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
> >  .br
> >  .SH "DESCRIPTION"
> >  This manual page describes the
> > @@ -21,30 +21,33 @@ policy.conf or policy, depending on whether the \-b flag is specified.
> >  .B \-b,\-\-binary
> >  Read an existing binary policy file rather than a source policy.conf file.
> >  .TP
> > +.B \-F,\-\-conf
> > +Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
> > +.TP
> >  .B \-C,\-\-cil
> >  Write CIL policy file rather than binary policy file.
> >  .TP
> >  .B \-d,\-\-debug
> >  Enter debug mode after loading the policy.
> >  .TP
> > -.B \-F,\-\-conf
> > -Write policy.conf file rather than binary policy file. Can only be used with binary policy file.
> > +.B \-U,\-\-handle-unknown <action>
> > +Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
> >  .TP
> >  .B \-M,\-\-mls
> >  Enable the MLS policy when checking and compiling the policy.
> >  .TP
> > +.B \-c policyvers
> > +Specify the policy version, defaults to the latest.
> > +.TP
> >  .B \-o,\-\-output filename
> >  Write a binary policy file to the specified filename.
> >  .TP
> > -.B \-c policyvers
> > -Specify the policy version, defaults to the latest.
> > +.B \-S,\-\-sort
> > +Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
> >  .TP
> >  .B \-t,\-\-target
> >  Specify the target platform (selinux or xen).
> >  .TP
> > -.B \-U,\-\-handle-unknown <action>
> > -Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
> > -.TP
> >  .B \-V,\-\-version
> >  Show version information.
> >  .TP
> > diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
> > index 14dc91a3..e0a00f7c 100644
> > --- a/checkpolicy/checkpolicy.c
> > +++ b/checkpolicy/checkpolicy.c
> > @@ -113,7 +113,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
> >         printf
> >             ("usage:  %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
> >              "[-c policyvers (%d-%d)] [-o output_file] [-S] "
> > -            "[-t target_platform (selinux,xen)] [input_file]\n",
> > +            "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
> >              progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
> >         exit(1);
> >  }
> > --
> > 2.17.2
> >


^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, back to index

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-05  8:56 [PATCH] checkpolicy: Add -S option to manpage Vit Mojzis
2019-02-06 20:59 ` Nicolas Iooss
2019-02-07 10:25   ` [PATCH] checkpolicy: Update manpage Vit Mojzis
2019-02-07 21:03     ` Nicolas Iooss
2019-02-10 16:49       ` Nicolas Iooss

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org selinux@archiver.kernel.org
	public-inbox-index selinux


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/ public-inbox