[Selinux-commits] SF.net SVN: selinux: [2169] trunk/policycoreutils

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 2169
          http://svn.sourceforge.net/selinux/?rev=2169&view=rev
Author:   ssmalley
Date:     2007-01-11 09:37:31 -0800 (Thu, 11 Jan 2007)

Log Message:
-----------
Author: Karl MacMillan
Email: kma...@me...
Subject: allow semodule -i to accept list of modules
Date: Tue, 09 Jan 2007 16:52:40 -0500

On Tue, 2007-01-09 at 15:43 -0500, Stephen Smalley wrote:
> On Tue, 2007-01-09 at 15:17 -0500, Stephen Smalley wrote:
> > On Tue, 2007-01-09 at 11:17 -0500, Joshua Brindle wrote:
> > > Karl MacMillan wrote:
> > > > The following patch allows semodule to handle a list of modules for
> > > > installation (i.e., semodule -i *.pp now works).
> > > >
> > > > Signed-off-by: Karl MacMillan <kma...@me...>
> > > >
> > > >   
> > > Acked-By: Joshua Brindle <jbr...@tr...>
> > 
> > Acked-by:  Stephen Smalley <sd...@ty...>
> > 
> > This means we can also update the semodule man page to remove the gross
> > hack we came up with to workaround the absence of such support,
> >        # Replace all modules with the ones in the current directory
> >        $ semodule -b base.pp ?\226?\128?\152semodule -l | awk ?\226?\128?\153{print "-i " $1
> > ".pp"}?\226?\128?\153?\226?\128?\152
> 
> BTW, any reason we wouldn't support the same thing for -u or -r?
> 

Patch below. It is less useful for -r, but still potentially easier. As
for the man page, that is updated but the command for updating
from /usr/share/selinux/policyname still sucks. I came up with:

ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule
-i

Gets rid of awk (so it is potentially easier for many), but it is
longer. At some point someone should make semodule just do the right
thing for a mixed list of modules and base modules. Of course, even that
wouldn't work for the /usr/share/selinux directories because of
enableaudit, so I give up.

Signed-off-by: Karl MacMillan <kma...@me...>

[sds:  Modified the man page.]

Acked-by:  Stephen Smalley <sd...@ty...>

Modified Paths:
--------------
    trunk/policycoreutils/ChangeLog
    trunk/policycoreutils/po/kn.po
    trunk/policycoreutils/semodule/semodule.8
    trunk/policycoreutils/semodule/semodule.c

Modified: trunk/policycoreutils/ChangeLog
===================================================================

--- trunk/policycoreutils/ChangeLog	2007-01-11 17:28:00 UTC (rev 2168)
+++ trunk/policycoreutils/ChangeLog	2007-01-11 17:37:31 UTC (rev 2169)
@@ -1,4 +1,5 @@
 	* Merged newrole securetty check from Dan Walsh.
+	* Merged semodule patch to generalize list support from Karl MacMillan.
 
 1.33.11 2007-01-09
 	* Merged fixfiles and seobject fixes from Dan Walsh.

Modified: trunk/policycoreutils/po/kn.po
===================================================================
(Binary files differ)

Modified: trunk/policycoreutils/semodule/semodule.8
===================================================================
--- trunk/policycoreutils/semodule/semodule.8	2007-01-11 17:28:00 UTC (rev 2168)
+++ trunk/policycoreutils/semodule/semodule.8	2007-01-11 17:37:31 UTC (rev 2169)
@@ -52,14 +52,16 @@
 
 .SH EXAMPLE
 .nf
-# Install a base policy package.
+# Install or replace a base policy package.
 $ semodule -b base.pp
-# Install a non-base policy package.
+# Install or replace a non-base policy package.
 $ semodule -i httpd.pp
 # List non-base modules.
 $ semodule -l
-# Replace all modules with the ones in the current directory
-$ semodule -b base.pp `semodule -l | awk '{print "-i " $1 ".pp"}'`
+# Install or replace all non-base modules in the current directory.
+$ semodule -i *.pp
+# Install or replace all modules in the current directory.
+$ ls *.pp | grep -Ev "base.pp|enableaudit.pp" | xargs /usr/sbin/semodule -b base.pp -i
 .fi
 
 .SH SEE ALSO

Modified: trunk/policycoreutils/semodule/semodule.c
===================================================================
--- trunk/policycoreutils/semodule/semodule.c	2007-01-11 17:28:00 UTC (rev 2168)
+++ trunk/policycoreutils/semodule/semodule.c	2007-01-11 17:37:31 UTC (rev 2169)
@@ -238,13 +238,17 @@
 	}
 
 	if (optind < argc) {
-		/* if -i was the last command treat any remaining
-		 * arguments as modules to allow 'semodule -i *.pp' to
+		int mode;
+		/* if -i/u/r was the last command treat any remaining
+		 * arguments as args. Will allow 'semodule -i *.pp' to
 		 * work as expected.
 		 */
 		if (commands[num_commands - 1].mode == INSTALL_M) {
-			while (optind < argc)
-				set_mode(INSTALL_M, argv[optind++]);
+			mode = INSTALL_M;
+		} else if (commands[num_commands - 1].mode == UPGRADE_M) {
+			mode = UPGRADE_M;
+		} else if (commands[num_commands - 1].mode == REMOVE_M) {
+			mode = REMOVE_M;
 		} else {
 			fprintf(stderr, "unknown additional arguments:\n");
 			while (optind < argc)
@@ -253,6 +257,8 @@
 			usage(argv[0]);
 			exit(1);
 		}
+		while (optind < argc)
+			set_mode(mode, argv[optind++]);
 	}
 }
 


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


