Add a comment at the top of the configuration file file_contexts.subs_dist
to clarify that it performs aliasing and not substitutions in the
strict sense of the word.
A name change might be considered too, if it proves to lead to further
confusion.
There might be pieces of documentation that could benefit from similar
considerations.
Also note that a specific manual page is missing.
Signed-off-by: Guido Trentalancia <[email protected]>
---
config/file_contexts.subs_dist | 10 ++++++++++
1 file changed, 10 insertions(+)
diff -pruN refpolicy-08092012/config/file_contexts.subs_dist
refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
--- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21
20:10:29.011803405 +0200
+++
refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
2012-08-10 17:01:36.045451839 +0200
@@ -1,3 +1,13 @@
+# This file can is used to configure base path aliases as in:
+#
+# /aliased_path /original_path_as_configured_in_file_contexts
+#
+# where original_path_as_configured_in_file_contexts is a base
+# path being used in the main file_contexts configuration file.
+#
+# It does not perform substitutions as done by sed(1), for
+# example, but aliasing.
+#
/lib32 /lib
/lib64 /lib
/run /var/run
On 08/10/12 09:13, Guido Trentalancia wrote:
> Add a comment at the top of the configuration file file_contexts.subs_dist
> to clarify that it performs aliasing and not substitutions in the
> strict sense of the word.
>
> A name change might be considered too, if it proves to lead to further
> confusion.
>
> There might be pieces of documentation that could benefit from similar
> considerations.
>
> Also note that a specific manual page is missing.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> config/file_contexts.subs_dist | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff -pruN refpolicy-08092012/config/file_contexts.subs_dist refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
> --- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21 20:10:29.011803405 +0200
> +++ refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
> @@ -1,3 +1,13 @@
> +# This file can is used to configure base path aliases as in:
> +#
> +# /aliased_path /original_path_as_configured_in_file_contexts
> +#
> +# where original_path_as_configured_in_file_contexts is a base
> +# path being used in the main file_contexts configuration file.
> +#
> +# It does not perform substitutions as done by sed(1), for
> +# example, but aliasing.
> +#
> /lib32 /lib
> /lib64 /lib
> /run /var/run
Merged.
--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com
On Tue, Aug 14, 2012 at 08:03:58AM -0400, Christopher J. PeBenito wrote:
> On 08/10/12 09:13, Guido Trentalancia wrote:
> > Add a comment at the top of the configuration file file_contexts.subs_dist
> > to clarify that it performs aliasing and not substitutions in the
> > strict sense of the word.
> >
> > A name change might be considered too, if it proves to lead to further
> > confusion.
> >
> > There might be pieces of documentation that could benefit from similar
> > considerations.
> >
> > Also note that a specific manual page is missing.
> >
> > Signed-off-by: Guido Trentalancia <[email protected]>
> > ---
> > config/file_contexts.subs_dist | 10 ++++++++++
> > 1 file changed, 10 insertions(+)
> >
> > diff -pruN refpolicy-08092012/config/file_contexts.subs_dist refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
> > --- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21 20:10:29.011803405 +0200
> > +++ refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
> > @@ -1,3 +1,13 @@
> > +# This file can is used to configure base path aliases as in:
> > +#
> > +# /aliased_path /original_path_as_configured_in_file_contexts
> > +#
> > +# where original_path_as_configured_in_file_contexts is a base
> > +# path being used in the main file_contexts configuration file.
> > +#
> > +# It does not perform substitutions as done by sed(1), for
> > +# example, but aliasing.
> > +#
> > /lib32 /lib
> > /lib64 /lib
> > /run /var/run
>
> Merged.
This seems to break policycoreutils:
# semanage fcontext -l
/usr/sbin/semanage: too many values to unpack (expected 2)
Undoing the comment change fixes things again.
Wkr,
Sven Vermeulen
On 15/08/2012 10:02, Sven Vermeulen wrote:
> On Tue, Aug 14, 2012 at 08:03:58AM -0400, Christopher J. PeBenito wrote:
>> On 08/10/12 09:13, Guido Trentalancia wrote:
>>> Add a comment at the top of the configuration file file_contexts.subs_dist
>>> to clarify that it performs aliasing and not substitutions in the
>>> strict sense of the word.
>>>
>>> A name change might be considered too, if it proves to lead to further
>>> confusion.
>>>
>>> There might be pieces of documentation that could benefit from similar
>>> considerations.
>>>
>>> Also note that a specific manual page is missing.
>>>
>>> Signed-off-by: Guido Trentalancia <[email protected]>
>>> ---
>>> config/file_contexts.subs_dist | 10 ++++++++++
>>> 1 file changed, 10 insertions(+)
>>>
>>> diff -pruN refpolicy-08092012/config/file_contexts.subs_dist refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
>>> --- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21 20:10:29.011803405 +0200
>>> +++ refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
>>> @@ -1,3 +1,13 @@
>>> +# This file can is used to configure base path aliases as in:
>>> +#
>>> +# /aliased_path /original_path_as_configured_in_file_contexts
>>> +#
>>> +# where original_path_as_configured_in_file_contexts is a base
>>> +# path being used in the main file_contexts configuration file.
>>> +#
>>> +# It does not perform substitutions as done by sed(1), for
>>> +# example, but aliasing.
>>> +#
>>> /lib32 /lib
>>> /lib64 /lib
>>> /run /var/run
>>
>> Merged.
>
> This seems to break policycoreutils:
>
> # semanage fcontext -l
> /usr/sbin/semanage: too many values to unpack (expected 2)
>
> Undoing the comment change fixes things again.
Is semanage using the standard library functions to read the file ?
Because I had a very quick look through the library and the #-comment
skipping code seemed to be there...
Regards,
Guido
On Wed, Aug 15, 2012 at 10:13:26AM +0200, Guido Trentalancia wrote:
> > This seems to break policycoreutils:
> >
> > # semanage fcontext -l
> > /usr/sbin/semanage: too many values to unpack (expected 2)
> >
> > Undoing the comment change fixes things again.
>
> Is semanage using the standard library functions to read the file ?
> Because I had a very quick look through the library and the #-comment
> skipping code seemed to be there...
fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
for i in fd.readlines():
target, substitute = i.split()
self.equiv_dist[target] = substitute
fd.close()
Just opens the file, reads lines and assumes there are always two
values (target & substitute) on each line. This is from seobject.py.
Wkr,
Sven Vermeulen
PS Sorry for mailing you directly the first time, forgot to update the "To" header...
Hello Sven.
On 15/08/2012 10:20, Sven Vermeulen wrote:
> On Wed, Aug 15, 2012 at 10:13:26AM +0200, Guido Trentalancia wrote:
>>> This seems to break policycoreutils:
>>>
>>> # semanage fcontext -l
>>> /usr/sbin/semanage: too many values to unpack (expected 2)
>>>
>>> Undoing the comment change fixes things again.
>>
>> Is semanage using the standard library functions to read the file ?
>> Because I had a very quick look through the library and the #-comment
>> skipping code seemed to be there...
>
> fd = open(selinux.selinux_file_context_subs_dist_path(), "r")
> for i in fd.readlines():
> target, substitute = i.split()
> self.equiv_dist[target] = substitute
> fd.close()
>
> Just opens the file, reads lines and assumes there are always two
> values (target & substitute) on each line. This is from seobject.py.
You may have a broken version of the userspace tools.
I have just tested again and the copy of semanage that I have runs fine
the above mentioned test.
The version of semanage I am using should be dated June 2012, if that
helps...
It's important to keep that note in my opinion, because otherwise it
tends to generate confusion due to the somewhat unfortunate name that
has been chosen for the file and due to the lack of a specific
(userspace) manual page.
I'll be on holidays in a few hours, so don't expect much more from this
side anytime soon...
Regards,
Guido
On Wed, Aug 15, 2012 at 10:38:40AM +0200, Guido Trentalancia wrote:
> You may have a broken version of the userspace tools.
>
> I have just tested again and the copy of semanage that I have runs fine
> the above mentioned test.
>
> The version of semanage I am using should be dated June 2012, if that
> helps...
>
> It's important to keep that note in my opinion, because otherwise it
> tends to generate confusion due to the somewhat unfortunate name that
> has been chosen for the file and due to the lack of a specific
> (userspace) manual page.
The latest release of policycoreutils is from 2012-02-16
(policycoreutils-2.1.10). The one I have is that version, plus a few
python-3 supporting fixes. I tried it with Python-2.7 to be sure, but got
the same result.
Perhaps your distribution has fixes to it that haven't been made upstream
yet (or not in a stable release)?
Wkr,
Sven Vermeulen
On 15/08/2012 10:45, Sven Vermeulen wrote:
> On Wed, Aug 15, 2012 at 10:38:40AM +0200, Guido Trentalancia wrote:
>> You may have a broken version of the userspace tools.
>>
>> I have just tested again and the copy of semanage that I have runs fine
>> the above mentioned test.
>>
>> The version of semanage I am using should be dated June 2012, if that
>> helps...
>>
>> It's important to keep that note in my opinion, because otherwise it
>> tends to generate confusion due to the somewhat unfortunate name that
>> has been chosen for the file and due to the lack of a specific
>> (userspace) manual page.
>
> The latest release of policycoreutils is from 2012-02-16
> (policycoreutils-2.1.10). The one I have is that version, plus a few
> python-3 supporting fixes. I tried it with Python-2.7 to be sure, but got
> the same result.
>
> Perhaps your distribution has fixes to it that haven't been made upstream
> yet (or not in a stable release)?
I have tested with the SELinux userspace tree dated 4th of June 2012
without any patch applied.
Either it works or it should be made to work as it's just comments and
#-comments should be supported in configuration files.
Regards,
Guido