semanage / file_contexts.local

Paul Howarth paul at city-fan.org
Wed Mar 29 15:41:17 UTC 2006


Stephen Smalley wrote:
> On Wed, 2006-03-29 at 09:47 -0500, Ivan Gyurdiev wrote:
>>> One last thing: is it possible to add multiple objects in a single 
>>> semanage call? 
>> I don't think the python frontend supports it, but the backend library 
>> certainly does - it's transactional, and only the commit takes a long 
>> time. It seems like this would be useful to people - Dan?
> 
> Not sure what the user interface would look like.  semodule already
> supports multiple operations on a single command line, e.g.
> 	semodule -b base.pp -i a.pp -i b.pp
> but semanage syntax is a bit more complicated.
> 
> Are we talking about just adding multiple objects of the same type in a
> single command, e.g. collapsing
> 	semanage port -a -t http_port_t -p tcp 81
> 	semanage port -a -t http_cache_port_t -p tcp 8081
> to something like:
> 	semanage port -a -t http_port_t -p tcp 81 -a -t http_cache_port_t -p tcp 8080
> 
> Or dealing with arbitrary combinations, e.g. collapsing
> 	semanage port -a -t http_port_t -p tcp 81
> 	semanage fcontext -a -t httpd_sys_content_t '/web(/.*)?'
> to some single command line?

That would result in a very complex command-line parser and be difficult 
for users as well as developers. It could get even worse, such as 
wanting to combine add and modify operations.

An alternative approach might be to provide an option to skip the policy 
rebuild. That way you could do a string of semanage commands and use the 
"skip rebuild" option on all but the last of them.

Paul.



