* [PATCH 1/2] libsemanage: add semanage_handle_create_with_path @ 2025-04-11 18:59 Tristan Ross 2025-04-11 18:59 ` [PATCH 2/2] semodule: add config argument Tristan Ross 2025-04-15 14:34 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Christian Göttsche 0 siblings, 2 replies; 17+ messages in thread From: Tristan Ross @ 2025-04-11 18:59 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross --- libsemanage/include/semanage/handle.h | 6 +++++- libsemanage/src/handle.c | 26 +++++++++++++++++++------- libsemanage/src/libsemanage.map | 1 + 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index a5ea31de..601cd9ee 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -30,7 +30,11 @@ struct semanage_handle; typedef struct semanage_handle semanage_handle_t; -/* Create and return a semanage handle. +/* Create and return a semanage handle with a specific config path. + The handle is initially in the disconnected state. */ +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); + +/* Create and return a semanage handle with the default config path. The handle is initially in the disconnected state. */ extern semanage_handle_t *semanage_handle_create(void); diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index faea0606..ca57702a 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c @@ -59,19 +59,14 @@ const char * semanage_root(void) return private_semanage_root; } - -semanage_handle_t *semanage_handle_create(void) +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) { semanage_handle_t *sh = NULL; - char *conf_name = NULL; /* Allocate handle */ if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) goto err; - if ((conf_name = semanage_conf_path()) == NULL) - goto err; - if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) goto err; 
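Review bot: The comment on the new `semanage_handle_create_with_path` prototype in handle.h leaves out the contract a caller of this exported function needs: whether `conf_name` may be NULL, and that the caller keeps ownership of the string (the refactored `semanage_handle_create` frees its own copy after the call). It should also say that the file is trusted configuration, because semanage.conf can, among other settings, name helper programs that libsemanage runs; a privileged caller should not pass a path that a less-privileged user can choose or write. Proposed wording: `/* conf_name must be a non-NULL path to a trusted semanage.conf; the caller keeps ownership of the string. */`. The declaration also drops the `extern` that the neighbouring prototype carries.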
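Review bot: In the first handle.c hunk `conf_name` is passed to `semanage_conf_parse()` unchecked, now that it comes from the caller rather than from `semanage_conf_path()`, whose NULL result the old code rejected. What the parser does with a NULL path is not visible here, so an explicit guard at the top of the exported function is the safer contract: `if (conf_name == NULL) return NULL;`. The rest of the function body lies outside this hunk. The same hunk is resent unchanged in the later revisions of the patch on this page.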
@@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) sh->msg_callback = semanage_msg_default_handler; sh->msg_callback_arg = NULL; + return sh; + + err: + semanage_handle_destroy(sh); + return NULL; +} + +semanage_handle_t *semanage_handle_create(void) +{ + semanage_handle_t *sh = NULL; + char *conf_name = NULL; + + if ((conf_name = semanage_conf_path()) == NULL) + goto err; + + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) + goto err; + free(conf_name); return sh; err: free(conf_name); - semanage_handle_destroy(sh); return NULL; } diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index c8214b26..02c615ac 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -347,6 +347,7 @@ LIBSEMANAGE_1.1 { } LIBSEMANAGE_1.0; LIBSEMANAGE_3.4 { + semanage_handle_create_with_path; semanage_module_compute_checksum; semanage_set_check_ext_changes; } LIBSEMANAGE_1.1; -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
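Review bot: In the new `semanage_handle_create` the success path and the `err:` label do the same work, `free(conf_name)` followed by returning `sh`, which is NULL on every error path, so the second `goto err` and the duplicated `free` add nothing. After the `semanage_conf_path()` check the tail can be `sh = semanage_handle_create_with_path(conf_name); free(conf_name); return sh;`. This is a point of style only; behaviour stays the same.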
* [PATCH 2/2] semodule: add config argument 2025-04-11 18:59 [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross @ 2025-04-11 18:59 ` Tristan Ross 2025-04-15 14:34 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Christian Göttsche 1 sibling, 0 replies; 17+ messages in thread From: Tristan Ross @ 2025-04-11 18:59 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross --- policycoreutils/semodule/semodule.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index ebe062bf..274cdbd9 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c @@ -145,6 +145,7 @@ static void usage(char *progname) printf(" -v,--verbose be verbose\n"); printf(" -P,--preserve_tunables Preserve tunables in policy\n"); printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n"); + printf(" -o,--config=PATH use an alternate path for the semanage config\n"); printf(" -p,--path use an alternate path for the policy root\n"); printf(" -S,--store-path use an alternate path for the policy store root\n"); printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); @@ -223,7 +224,7 @@ static void parse_command_line(int argc, char **argv) check_ext_changes = 0; priority = 400; while ((i = - getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", + getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:o:S:E:cHm", opts, &longind)) != -1) { switch (i) { case '\0': @@ -304,6 +305,14 @@ static void parse_command_line(int argc, char **argv) case 'C': ignore_module_cache = 1; break; + case 'o': + sh = semanage_handle_create_with_path(optarg); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + exit(1); + } + break; case 'X': set_mode(PRIORITY_M, optarg); break; 
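Review bot: In the `case 'o'` hunk `sh` is assigned unconditionally while options are still being parsed, so a second `-o` on the command line overwrites the first handle without `semanage_handle_destroy()`, and the config file is read before the remaining options have been seen. Recording the path and creating the handle in one place is simpler: `case 'o': conf_path = optarg; break;` here, and in `main` `sh = conf_path ? semanage_handle_create_with_path(conf_path) : semanage_handle_create();` ahead of the existing `if (!sh)` error path, which also makes the `exit(1)` added here unnecessary. `conf_path` would be a new file-scope `static char *`. The `main` hunk that follows and the resent copies of this patch later on the page are affected the same way.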
@@ -421,11 +430,13 @@ int main(int argc, char *argv[]) if (build || check_ext_changes) commit = 1; - sh = semanage_handle_create(); if (!sh) { - fprintf(stderr, "%s: Could not create semanage handle\n", - argv[0]); - goto cleanup_nohandle; + sh = semanage_handle_create(); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + goto cleanup_nohandle; + } } if (store) { -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-11 18:59 [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross 2025-04-11 18:59 ` [PATCH 2/2] semodule: add config argument Tristan Ross @ 2025-04-15 14:34 ` Christian Göttsche 2025-04-16 4:50 ` Tristan Ross 1 sibling, 1 reply; 17+ messages in thread From: Christian Göttsche @ 2025-04-15 14:34 UTC (permalink / raw) To: Tristan Ross; +Cc: selinux On Fri, 11 Apr 2025 at 21:01, Tristan Ross <tristan.ross@midstall.com> wrote: > > --- > libsemanage/include/semanage/handle.h | 6 +++++- > libsemanage/src/handle.c | 26 +++++++++++++++++++------- > libsemanage/src/libsemanage.map | 1 + > 3 files changed, 25 insertions(+), 8 deletions(-) > > diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h > index a5ea31de..601cd9ee 100644 > --- a/libsemanage/include/semanage/handle.h > +++ b/libsemanage/include/semanage/handle.h > @@ -30,7 +30,11 @@ > struct semanage_handle; > typedef struct semanage_handle semanage_handle_t; > > -/* Create and return a semanage handle. > +/* Create and return a semanage handle with a specific config path. > + The handle is initially in the disconnected state. */ > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); > + > +/* Create and return a semanage handle with the default config path. > The handle is initially in the disconnected state. */ > extern semanage_handle_t *semanage_handle_create(void); > > diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c > index faea0606..ca57702a 100644 > --- a/libsemanage/src/handle.c > +++ b/libsemanage/src/handle.c 
> @@ -59,19 +59,14 @@ const char * semanage_root(void) > return private_semanage_root; > } > > - > -semanage_handle_t *semanage_handle_create(void) > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) > { > semanage_handle_t *sh = NULL; > - char *conf_name = NULL; > > /* Allocate handle */ > if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) > goto err; > > - if ((conf_name = semanage_conf_path()) == NULL) > - goto err; > - > if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) > goto err; > > @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) > sh->msg_callback = semanage_msg_default_handler; > sh->msg_callback_arg = NULL; > > + return sh; > + > + err: > + semanage_handle_destroy(sh); > + return NULL; > +} > + > +semanage_handle_t *semanage_handle_create(void) > +{ > + semanage_handle_t *sh = NULL; > + char *conf_name = NULL; > + > + if ((conf_name = semanage_conf_path()) == NULL) > + goto err; > + > + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) > + goto err; > + > free(conf_name); > > return sh; > > err: > free(conf_name); > - semanage_handle_destroy(sh); > return NULL; > } > > diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map > index c8214b26..02c615ac 100644 > --- a/libsemanage/src/libsemanage.map > +++ b/libsemanage/src/libsemanage.map > @@ -347,6 +347,7 @@ LIBSEMANAGE_1.1 { > } LIBSEMANAGE_1.0; > > LIBSEMANAGE_3.4 { > + semanage_handle_create_with_path; This should be placed in a new soname section. > semanage_module_compute_checksum; > semanage_set_check_ext_changes; > } LIBSEMANAGE_1.1; > -- > 2.47.2 > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-15 14:34 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Christian Göttsche @ 2025-04-16 4:50 ` Tristan Ross 2025-04-16 15:53 ` James Carter 2025-04-16 19:46 ` Petr Lautrbach 0 siblings, 2 replies; 17+ messages in thread From: Tristan Ross @ 2025-04-16 4:50 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross --- libsemanage/include/semanage/handle.h | 6 +++++- libsemanage/src/handle.c | 26 +++++++++++++++++++------- libsemanage/src/libsemanage.map | 4 ++++ 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index a5ea31de..601cd9ee 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -30,7 +30,11 @@ struct semanage_handle; typedef struct semanage_handle semanage_handle_t; -/* Create and return a semanage handle. +/* Create and return a semanage handle with a specific config path. + The handle is initially in the disconnected state. */ +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); + +/* Create and return a semanage handle with the default config path. The handle is initially in the disconnected state. */ extern semanage_handle_t *semanage_handle_create(void); diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index faea0606..ca57702a 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c @@ -59,19 +59,14 @@ const char * semanage_root(void) return private_semanage_root; } - -semanage_handle_t *semanage_handle_create(void) +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) { semanage_handle_t *sh = NULL; - char *conf_name = NULL; /* Allocate handle */ if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) goto err; - if ((conf_name = semanage_conf_path()) == NULL) - goto err; - if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) goto err; 
@@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) sh->msg_callback = semanage_msg_default_handler; sh->msg_callback_arg = NULL; + return sh; + + err: + semanage_handle_destroy(sh); + return NULL; +} + +semanage_handle_t *semanage_handle_create(void) +{ + semanage_handle_t *sh = NULL; + char *conf_name = NULL; + + if ((conf_name = semanage_conf_path()) == NULL) + goto err; + + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) + goto err; + free(conf_name); return sh; err: free(conf_name); - semanage_handle_destroy(sh); return NULL; } diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index c8214b26..5dab7bf7 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { semanage_module_compute_checksum; semanage_set_check_ext_changes; } LIBSEMANAGE_1.1; + +LIBSEMANAGE_3.5 { + semanage_handle_create_with_path; +} LIBSEMANAGE_3.4; -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-16 4:50 ` Tristan Ross @ 2025-04-16 15:53 ` James Carter 2025-04-16 19:46 ` Petr Lautrbach 1 sibling, 0 replies; 17+ messages in thread From: James Carter @ 2025-04-16 15:53 UTC (permalink / raw) To: Tristan Ross; +Cc: selinux On Wed, Apr 16, 2025 at 12:50 AM Tristan Ross <tristan.ross@midstall.com> wrote: > Along with a "Signed-off-by" tag, both of these patches need a commit log that describes what they do and why they were created. Thanks, Jim > --- > libsemanage/include/semanage/handle.h | 6 +++++- > libsemanage/src/handle.c | 26 +++++++++++++++++++------- > libsemanage/src/libsemanage.map | 4 ++++ > 3 files changed, 28 insertions(+), 8 deletions(-) > > diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h > index a5ea31de..601cd9ee 100644 > --- a/libsemanage/include/semanage/handle.h > +++ b/libsemanage/include/semanage/handle.h > @@ -30,7 +30,11 @@ > struct semanage_handle; > typedef struct semanage_handle semanage_handle_t; > > -/* Create and return a semanage handle. > +/* Create and return a semanage handle with a specific config path. > + The handle is initially in the disconnected state. */ > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); > + > +/* Create and return a semanage handle with the default config path. > The handle is initially in the disconnected state. */ > extern semanage_handle_t *semanage_handle_create(void); > > diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c > index faea0606..ca57702a 100644 > --- a/libsemanage/src/handle.c > +++ b/libsemanage/src/handle.c 
> @@ -59,19 +59,14 @@ const char * semanage_root(void) > return private_semanage_root; > } > > - > -semanage_handle_t *semanage_handle_create(void) > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) > { > semanage_handle_t *sh = NULL; > - char *conf_name = NULL; > > /* Allocate handle */ > if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) > goto err; > > - if ((conf_name = semanage_conf_path()) == NULL) > - goto err; > - > if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) > goto err; > > @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) > sh->msg_callback = semanage_msg_default_handler; > sh->msg_callback_arg = NULL; > > + return sh; > + > + err: > + semanage_handle_destroy(sh); > + return NULL; > +} > + > +semanage_handle_t *semanage_handle_create(void) > +{ > + semanage_handle_t *sh = NULL; > + char *conf_name = NULL; > + > + if ((conf_name = semanage_conf_path()) == NULL) > + goto err; > + > + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) > + goto err; > + > free(conf_name); > > return sh; > > err: > free(conf_name); > - semanage_handle_destroy(sh); > return NULL; > } > > diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map > index c8214b26..5dab7bf7 100644 > --- a/libsemanage/src/libsemanage.map > +++ b/libsemanage/src/libsemanage.map > @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { > semanage_module_compute_checksum; > semanage_set_check_ext_changes; > } LIBSEMANAGE_1.1; > + > +LIBSEMANAGE_3.5 { > + semanage_handle_create_with_path; > +} LIBSEMANAGE_3.4; > -- > 2.47.2 > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-16 4:50 ` Tristan Ross 2025-04-16 15:53 ` James Carter @ 2025-04-16 19:46 ` Petr Lautrbach 2025-04-17 2:16 ` Tristan Ross 2025-04-18 18:12 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross 1 sibling, 2 replies; 17+ messages in thread From: Petr Lautrbach @ 2025-04-16 19:46 UTC (permalink / raw) To: Tristan Ross, selinux; +Cc: Tristan Ross Tristan Ross <tristan.ross@midstall.com> writes: > --- > libsemanage/include/semanage/handle.h | 6 +++++- > libsemanage/src/handle.c | 26 +++++++++++++++++++------- > libsemanage/src/libsemanage.map | 4 ++++ > 3 files changed, 28 insertions(+), 8 deletions(-) > > diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h > index a5ea31de..601cd9ee 100644 > --- a/libsemanage/include/semanage/handle.h > +++ b/libsemanage/include/semanage/handle.h > @@ -30,7 +30,11 @@ > struct semanage_handle; > typedef struct semanage_handle semanage_handle_t; > > -/* Create and return a semanage handle. > +/* Create and return a semanage handle with a specific config path. > + The handle is initially in the disconnected state. */ > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); > + > +/* Create and return a semanage handle with the default config path. > The handle is initially in the disconnected state. */ > extern semanage_handle_t *semanage_handle_create(void); > > diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c > index faea0606..ca57702a 100644 > --- a/libsemanage/src/handle.c > +++ b/libsemanage/src/handle.c 
> @@ -59,19 +59,14 @@ const char * semanage_root(void) > return private_semanage_root; > } > > - > -semanage_handle_t *semanage_handle_create(void) > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) > { > semanage_handle_t *sh = NULL; > - char *conf_name = NULL; > > /* Allocate handle */ > if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) > goto err; > > - if ((conf_name = semanage_conf_path()) == NULL) > - goto err; > - > if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) > goto err; > > @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) > sh->msg_callback = semanage_msg_default_handler; > sh->msg_callback_arg = NULL; > > + return sh; > + > + err: > + semanage_handle_destroy(sh); > + return NULL; > +} > + > +semanage_handle_t *semanage_handle_create(void) > +{ > + semanage_handle_t *sh = NULL; > + char *conf_name = NULL; > + > + if ((conf_name = semanage_conf_path()) == NULL) > + goto err; > + > + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) > + goto err; > + > free(conf_name); > > return sh; > > err: > free(conf_name); > - semanage_handle_destroy(sh); > return NULL; > } > > diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map > index c8214b26..5dab7bf7 100644 > --- a/libsemanage/src/libsemanage.map > +++ b/libsemanage/src/libsemanage.map > @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { > semanage_module_compute_checksum; > semanage_set_check_ext_changes; > } LIBSEMANAGE_1.1; > + > +LIBSEMANAGE_3.5 { > + semanage_handle_create_with_path; > +} LIBSEMANAGE_3.4; > It will be part of the next 3.9 release therefore this should be +LIBSEMANAGE_3.9 { + semanage_handle_create_with_path; +} LIBSEMANAGE_3.4; -- > 2.47.2 ^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-16 19:46 ` Petr Lautrbach @ 2025-04-17 2:16 ` Tristan Ross 2025-04-17 2:16 ` [PATCH 2/2] semodule: add config argument Tristan Ross 2025-04-18 18:12 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross 1 sibling, 1 reply; 17+ messages in thread From: Tristan Ross @ 2025-04-17 2:16 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross Adds "semanage_handle_create_with_path" to create an semanage handle with a config file from a specific path. This is useful for baking SELinux policy generation into a Nix derivation. Signed-off-by: Tristan Ross <tristan.ross@midstall.com> --- libsemanage/include/semanage/handle.h | 6 +++++- libsemanage/src/handle.c | 26 +++++++++++++++++++------- libsemanage/src/libsemanage.map | 4 ++++ 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index a5ea31de..601cd9ee 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -30,7 +30,11 @@ struct semanage_handle; typedef struct semanage_handle semanage_handle_t; -/* Create and return a semanage handle. +/* Create and return a semanage handle with a specific config path. + The handle is initially in the disconnected state. */ +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); + +/* Create and return a semanage handle with the default config path. The handle is initially in the disconnected state. */ extern semanage_handle_t *semanage_handle_create(void); diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index faea0606..ca57702a 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c 
@@ -59,19 +59,14 @@ const char * semanage_root(void) return private_semanage_root; } - -semanage_handle_t *semanage_handle_create(void) +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) { semanage_handle_t *sh = NULL; - char *conf_name = NULL; /* Allocate handle */ if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) goto err; - if ((conf_name = semanage_conf_path()) == NULL) - goto err; - if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) goto err; @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) sh->msg_callback = semanage_msg_default_handler; sh->msg_callback_arg = NULL; + return sh; + + err: + semanage_handle_destroy(sh); + return NULL; +} + +semanage_handle_t *semanage_handle_create(void) +{ + semanage_handle_t *sh = NULL; + char *conf_name = NULL; + + if ((conf_name = semanage_conf_path()) == NULL) + goto err; + + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) + goto err; + free(conf_name); return sh; err: free(conf_name); - semanage_handle_destroy(sh); return NULL; } diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index c8214b26..5dab7bf7 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { semanage_module_compute_checksum; semanage_set_check_ext_changes; } LIBSEMANAGE_1.1; + +LIBSEMANAGE_3.5 { + semanage_handle_create_with_path; +} LIBSEMANAGE_3.4; -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH 2/2] semodule: add config argument 2025-04-17 2:16 ` Tristan Ross @ 2025-04-17 2:16 ` Tristan Ross 0 siblings, 0 replies; 17+ messages in thread From: Tristan Ross @ 2025-04-17 2:16 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross Use "semanage_handle_create_with_path" and implement a new flag for handling semanage config files at specific paths. Signed-off-by: Tristan Ross <tristan.ross@midstall.com> --- policycoreutils/semodule/semodule.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index ebe062bf..80fd0451 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c @@ -145,6 +145,7 @@ static void usage(char *progname) printf(" -v,--verbose be verbose\n"); printf(" -P,--preserve_tunables Preserve tunables in policy\n"); printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n"); + printf(" -o,--config=PATH use an alternate path for the semanage config\n"); printf(" -p,--path use an alternate path for the policy root\n"); printf(" -S,--store-path use an alternate path for the policy store root\n"); printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); @@ -210,6 +211,7 @@ static void parse_command_line(int argc, char **argv) {"enable", required_argument, NULL, 'e'}, {"disable", required_argument, NULL, 'd'}, {"path", required_argument, NULL, 'p'}, + {"config", required_argument, NULL, 'o'}, {"store-path", required_argument, NULL, 'S'}, {"checksum", 0, NULL, 'm'}, {NULL, 0, NULL, 0} @@ -223,7 +225,7 @@ static void parse_command_line(int argc, char **argv) check_ext_changes = 0; priority = 400; while ((i = - getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", + getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:o:S:E:cHm", opts, &longind)) != -1) { switch (i) { case '\0': 
@@ -304,6 +306,14 @@ static void parse_command_line(int argc, char **argv) case 'C': ignore_module_cache = 1; break; + case 'o': + sh = semanage_handle_create_with_path(optarg); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + exit(1); + } + break; case 'X': set_mode(PRIORITY_M, optarg); break; @@ -421,11 +431,13 @@ int main(int argc, char *argv[]) if (build || check_ext_changes) commit = 1; - sh = semanage_handle_create(); if (!sh) { - fprintf(stderr, "%s: Could not create semanage handle\n", - argv[0]); - goto cleanup_nohandle; + sh = semanage_handle_create(); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + goto cleanup_nohandle; + } } if (store) { -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-16 19:46 ` Petr Lautrbach 2025-04-17 2:16 ` Tristan Ross @ 2025-04-18 18:12 ` Tristan Ross 2025-04-18 18:12 ` [PATCH 2/2] semodule: add config argument Tristan Ross 1 sibling, 1 reply; 17+ messages in thread From: Tristan Ross @ 2025-04-18 18:12 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross Adds "semanage_handle_create_with_path" to create an semanage handle with a config file from a specific path. This is useful for baking SELinux policy generation into a Nix derivation. Signed-off-by: Tristan Ross <tristan.ross@midstall.com> --- libsemanage/include/semanage/handle.h | 6 +++++- libsemanage/src/handle.c | 26 +++++++++++++++++++------- libsemanage/src/libsemanage.map | 4 ++++ 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index a5ea31de..601cd9ee 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -30,7 +30,11 @@ struct semanage_handle; typedef struct semanage_handle semanage_handle_t; -/* Create and return a semanage handle. +/* Create and return a semanage handle with a specific config path. + The handle is initially in the disconnected state. */ +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); + +/* Create and return a semanage handle with the default config path. The handle is initially in the disconnected state. */ extern semanage_handle_t *semanage_handle_create(void); diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index faea0606..ca57702a 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c 
@@ -59,19 +59,14 @@ const char * semanage_root(void) return private_semanage_root; } - -semanage_handle_t *semanage_handle_create(void) +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) { semanage_handle_t *sh = NULL; - char *conf_name = NULL; /* Allocate handle */ if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) goto err; - if ((conf_name = semanage_conf_path()) == NULL) - goto err; - if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) goto err; @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) sh->msg_callback = semanage_msg_default_handler; sh->msg_callback_arg = NULL; + return sh; + + err: + semanage_handle_destroy(sh); + return NULL; +} + +semanage_handle_t *semanage_handle_create(void) +{ + semanage_handle_t *sh = NULL; + char *conf_name = NULL; + + if ((conf_name = semanage_conf_path()) == NULL) + goto err; + + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) + goto err; + free(conf_name); return sh; err: free(conf_name); - semanage_handle_destroy(sh); return NULL; } diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index c8214b26..8d7d8b05 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { semanage_module_compute_checksum; semanage_set_check_ext_changes; } LIBSEMANAGE_1.1; + +LIBSEMANAGE_3.9 { + semanage_handle_create_with_path; +} LIBSEMANAGE_3.4; -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH 2/2] semodule: add config argument 2025-04-18 18:12 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross @ 2025-04-18 18:12 ` Tristan Ross 2025-04-23 19:03 ` James Carter 0 siblings, 1 reply; 17+ messages in thread From: Tristan Ross @ 2025-04-18 18:12 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross Use "semanage_handle_create_with_path" and implement a new flag for handling semanage config files at specific paths. Signed-off-by: Tristan Ross <tristan.ross@midstall.com> --- policycoreutils/semodule/semodule.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index ebe062bf..80fd0451 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c @@ -145,6 +145,7 @@ static void usage(char *progname) printf(" -v,--verbose be verbose\n"); printf(" -P,--preserve_tunables Preserve tunables in policy\n"); printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n"); + printf(" -o,--config=PATH use an alternate path for the semanage config\n"); printf(" -p,--path use an alternate path for the policy root\n"); printf(" -S,--store-path use an alternate path for the policy store root\n"); printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); @@ -210,6 +211,7 @@ static void parse_command_line(int argc, char **argv) {"enable", required_argument, NULL, 'e'}, {"disable", required_argument, NULL, 'd'}, {"path", required_argument, NULL, 'p'}, + {"config", required_argument, NULL, 'o'}, {"store-path", required_argument, NULL, 'S'}, {"checksum", 0, NULL, 'm'}, {NULL, 0, NULL, 0} 
@@ -223,7 +225,7 @@ static void parse_command_line(int argc, char **argv) check_ext_changes = 0; priority = 400; while ((i = - getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", + getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:o:S:E:cHm", opts, &longind)) != -1) { switch (i) { case '\0': @@ -304,6 +306,14 @@ static void parse_command_line(int argc, char **argv) case 'C': ignore_module_cache = 1; break; + case 'o': + sh = semanage_handle_create_with_path(optarg); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + exit(1); + } + break; case 'X': set_mode(PRIORITY_M, optarg); break; @@ -421,11 +431,13 @@ int main(int argc, char *argv[]) if (build || check_ext_changes) commit = 1; - sh = semanage_handle_create(); if (!sh) { - fprintf(stderr, "%s: Could not create semanage handle\n", - argv[0]); - goto cleanup_nohandle; + sh = semanage_handle_create(); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + goto cleanup_nohandle; + } } if (store) { -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
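Review bot: The new `case 'o'` creates the handle inside the option loop and assigns it to `sh` without checking whether one already exists, so giving the option twice drops the first handle without a `semanage_handle_destroy()`. The `if (!sh)` test added to `main()` in the last hunk also depends on `sh` starting out NULL, and its declaration is outside these hunks. Recording the path and creating the handle in one place avoids both: `case 'o': config_path = optarg; break;` here and `sh = config_path ? semanage_handle_create_with_path(config_path) : semanage_handle_create();` in `main()`, with `config_path` a new file-scope `const char *`. Both `parse_command_line()` and `main()` extend beyond the hunks shown, and the same code appears with the letter `g` in the two 2025-04-25 postings below.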
* Re: [PATCH 2/2] semodule: add config argument 2025-04-18 18:12 ` [PATCH 2/2] semodule: add config argument Tristan Ross @ 2025-04-23 19:03 ` James Carter 2025-04-25 18:06 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross 2025-04-25 18:09 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross 0 siblings, 2 replies; 17+ messages in thread From: James Carter @ 2025-04-23 19:03 UTC (permalink / raw) To: Tristan Ross; +Cc: selinux On Fri, Apr 18, 2025 at 2:13 PM Tristan Ross <tristan.ross@midstall.com> wrote: > > Use "semanage_handle_create_with_path" and implement a new flag for > handling semanage config files at specific paths. > > Signed-off-by: Tristan Ross <tristan.ross@midstall.com> > --- > policycoreutils/semodule/semodule.c | 22 +++++++++++++++++----- > 1 file changed, 17 insertions(+), 5 deletions(-) > > diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c > index ebe062bf..80fd0451 100644 > --- a/policycoreutils/semodule/semodule.c > +++ b/policycoreutils/semodule/semodule.c > @@ -145,6 +145,7 @@ static void usage(char *progname) > printf(" -v,--verbose be verbose\n"); > printf(" -P,--preserve_tunables Preserve tunables in policy\n"); > printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n"); > + printf(" -o,--config=PATH use an alternate path for the semanage config\n"); I know that all of the obvious letters have already been used, but I really don't want to use "o" for this. I think I would prefer "g" to be used. Also, the man page needs to be updated as well. Functionally, everything looks good to me. Thanks, Jim > printf(" -p,--path use an alternate path for the policy root\n"); > printf(" -S,--store-path use an alternate path for the policy store root\n"); > printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); 
> @@ -210,6 +211,7 @@ static void parse_command_line(int argc, char **argv) > {"enable", required_argument, NULL, 'e'}, > {"disable", required_argument, NULL, 'd'}, > {"path", required_argument, NULL, 'p'}, > + {"config", required_argument, NULL, 'o'}, > {"store-path", required_argument, NULL, 'S'}, > {"checksum", 0, NULL, 'm'}, > {NULL, 0, NULL, 0} > @@ -223,7 +225,7 @@ static void parse_command_line(int argc, char **argv) > check_ext_changes = 0; > priority = 400; > while ((i = > - getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", > + getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:o:S:E:cHm", > opts, &longind)) != -1) { > switch (i) { > case '\0': > @@ -304,6 +306,14 @@ static void parse_command_line(int argc, char **argv) > case 'C': > ignore_module_cache = 1; > break; > + case 'o': > + sh = semanage_handle_create_with_path(optarg); > + if (!sh) { > + fprintf(stderr, "%s: Could not create semanage handle\n", > + argv[0]); > + exit(1); > + } > + break; > case 'X': > set_mode(PRIORITY_M, optarg); > break; > @@ -421,11 +431,13 @@ int main(int argc, char *argv[]) > if (build || check_ext_changes) > commit = 1; > > - sh = semanage_handle_create(); > if (!sh) { > - fprintf(stderr, "%s: Could not create semanage handle\n", > - argv[0]); > - goto cleanup_nohandle; > + sh = semanage_handle_create(); > + if (!sh) { > + fprintf(stderr, "%s: Could not create semanage handle\n", > + argv[0]); > + goto cleanup_nohandle; > + } > } > > if (store) { > -- > 2.47.2 > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-23 19:03 ` James Carter @ 2025-04-25 18:06 ` Tristan Ross 2025-04-25 18:06 ` [PATCH 2/2] semodule: add config argument Tristan Ross 2025-04-25 18:09 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross 1 sibling, 1 reply; 17+ messages in thread From: Tristan Ross @ 2025-04-25 18:06 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross Adds "semanage_handle_create_with_path" to create an semanage handle with a config file from a specific path. This is useful for baking SELinux policy generation into a Nix derivation. Signed-off-by: Tristan Ross <tristan.ross@midstall.com> --- libsemanage/include/semanage/handle.h | 6 +++++- libsemanage/src/handle.c | 26 +++++++++++++++++++------- libsemanage/src/libsemanage.map | 4 ++++ 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index a5ea31de..601cd9ee 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -30,7 +30,11 @@ struct semanage_handle; typedef struct semanage_handle semanage_handle_t; -/* Create and return a semanage handle. +/* Create and return a semanage handle with a specific config path. + The handle is initially in the disconnected state. */ +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); + +/* Create and return a semanage handle with the default config path. The handle is initially in the disconnected state. */ extern semanage_handle_t *semanage_handle_create(void); diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index faea0606..ca57702a 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c 
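Review bot: The comment added above `semanage_handle_create_with_path()` in handle.h leaves out what a caller needs to know: the result on failure and who owns `conf_name`. In handle.c the function returns NULL on error, and `semanage_handle_create()` frees its path right after the call, so the handle presumably does not keep the pointer. I would add `Returns NULL on failure. conf_name is only read during the call and remains owned by the caller.` to the comment once that is confirmed against `semanage_conf_parse()`. The new prototype also lacks the `extern` that the `semanage_handle_create()` declaration below it carries, and the identical hunk is resent in the 18:09 posting.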
@@ -59,19 +59,14 @@ const char * semanage_root(void) return private_semanage_root; } - -semanage_handle_t *semanage_handle_create(void) +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) { semanage_handle_t *sh = NULL; - char *conf_name = NULL; /* Allocate handle */ if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) goto err; - if ((conf_name = semanage_conf_path()) == NULL) - goto err; - if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) goto err; @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) sh->msg_callback = semanage_msg_default_handler; sh->msg_callback_arg = NULL; + return sh; + + err: + semanage_handle_destroy(sh); + return NULL; +} + +semanage_handle_t *semanage_handle_create(void) +{ + semanage_handle_t *sh = NULL; + char *conf_name = NULL; + + if ((conf_name = semanage_conf_path()) == NULL) + goto err; + + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) + goto err; + free(conf_name); return sh; err: free(conf_name); - semanage_handle_destroy(sh); return NULL; } diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index c8214b26..8d7d8b05 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { semanage_module_compute_checksum; semanage_set_check_ext_changes; } LIBSEMANAGE_1.1; + +LIBSEMANAGE_3.9 { + semanage_handle_create_with_path; +} LIBSEMANAGE_3.4; -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH 2/2] semodule: add config argument 2025-04-25 18:06 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross @ 2025-04-25 18:06 ` Tristan Ross 0 siblings, 0 replies; 17+ messages in thread From: Tristan Ross @ 2025-04-25 18:06 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross Use "semanage_handle_create_with_path" and implement a new flag for handling semanage config files at specific paths. Signed-off-by: Tristan Ross <tristan.ross@midstall.com> --- policycoreutils/semodule/semodule.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index ebe062bf..ab5168eb 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c @@ -145,6 +145,7 @@ static void usage(char *progname) printf(" -v,--verbose be verbose\n"); printf(" -P,--preserve_tunables Preserve tunables in policy\n"); printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n"); + printf(" -g,--config=PATH use an alternate path for the semanage config\n"); printf(" -p,--path use an alternate path for the policy root\n"); printf(" -S,--store-path use an alternate path for the policy store root\n"); printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); @@ -210,6 +211,7 @@ static void parse_command_line(int argc, char **argv) {"enable", required_argument, NULL, 'e'}, {"disable", required_argument, NULL, 'd'}, {"path", required_argument, NULL, 'p'}, + {"config", required_argument, NULL, 'g'}, {"store-path", required_argument, NULL, 'S'}, {"checksum", 0, NULL, 'm'}, {NULL, 0, NULL, 0} @@ -223,7 +225,7 @@ static void parse_command_line(int argc, char **argv) check_ext_changes = 0; priority = 400; while ((i = - getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", + getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:g:S:E:cHm", opts, &longind)) != -1) { switch (i) { case '\0': 
@@ -304,6 +306,14 @@ static void parse_command_line(int argc, char **argv) case 'C': ignore_module_cache = 1; break; + case 'g': + sh = semanage_handle_create_with_path(optarg); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + exit(1); + } + break; case 'X': set_mode(PRIORITY_M, optarg); break; @@ -421,11 +431,13 @@ int main(int argc, char *argv[]) if (build || check_ext_changes) commit = 1; - sh = semanage_handle_create(); if (!sh) { - fprintf(stderr, "%s: Could not create semanage handle\n", - argv[0]); - goto cleanup_nohandle; + sh = semanage_handle_create(); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + goto cleanup_nohandle; + } } if (store) { -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-23 19:03 ` James Carter 2025-04-25 18:06 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross @ 2025-04-25 18:09 ` Tristan Ross 2025-04-25 18:09 ` [PATCH 2/2] semodule: add config argument Tristan Ross 2025-04-29 15:18 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path James Carter 1 sibling, 2 replies; 17+ messages in thread From: Tristan Ross @ 2025-04-25 18:09 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross Adds "semanage_handle_create_with_path" to create an semanage handle with a config file from a specific path. This is useful for baking SELinux policy generation into a Nix derivation. Signed-off-by: Tristan Ross <tristan.ross@midstall.com> --- libsemanage/include/semanage/handle.h | 6 +++++- libsemanage/src/handle.c | 26 +++++++++++++++++++------- libsemanage/src/libsemanage.map | 4 ++++ 3 files changed, 28 insertions(+), 8 deletions(-) diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h index a5ea31de..601cd9ee 100644 --- a/libsemanage/include/semanage/handle.h +++ b/libsemanage/include/semanage/handle.h @@ -30,7 +30,11 @@ struct semanage_handle; typedef struct semanage_handle semanage_handle_t; -/* Create and return a semanage handle. +/* Create and return a semanage handle with a specific config path. + The handle is initially in the disconnected state. */ +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); + +/* Create and return a semanage handle with the default config path. The handle is initially in the disconnected state. */ extern semanage_handle_t *semanage_handle_create(void); diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c index faea0606..ca57702a 100644 --- a/libsemanage/src/handle.c +++ b/libsemanage/src/handle.c 
@@ -59,19 +59,14 @@ const char * semanage_root(void) return private_semanage_root; } - -semanage_handle_t *semanage_handle_create(void) +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) { semanage_handle_t *sh = NULL; - char *conf_name = NULL; /* Allocate handle */ if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) goto err; - if ((conf_name = semanage_conf_path()) == NULL) - goto err; - if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) goto err; @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) sh->msg_callback = semanage_msg_default_handler; sh->msg_callback_arg = NULL; + return sh; + + err: + semanage_handle_destroy(sh); + return NULL; +} + +semanage_handle_t *semanage_handle_create(void) +{ + semanage_handle_t *sh = NULL; + char *conf_name = NULL; + + if ((conf_name = semanage_conf_path()) == NULL) + goto err; + + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) + goto err; + free(conf_name); return sh; err: free(conf_name); - semanage_handle_destroy(sh); return NULL; } diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map index c8214b26..8d7d8b05 100644 --- a/libsemanage/src/libsemanage.map +++ b/libsemanage/src/libsemanage.map @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { semanage_module_compute_checksum; semanage_set_check_ext_changes; } LIBSEMANAGE_1.1; + +LIBSEMANAGE_3.9 { + semanage_handle_create_with_path; +} LIBSEMANAGE_3.4; -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* [PATCH 2/2] semodule: add config argument 2025-04-25 18:09 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross @ 2025-04-25 18:09 ` Tristan Ross 2025-04-29 15:18 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path James Carter 1 sibling, 0 replies; 17+ messages in thread From: Tristan Ross @ 2025-04-25 18:09 UTC (permalink / raw) To: selinux; +Cc: Tristan Ross Use "semanage_handle_create_with_path" and implement a new flag for handling semanage config files at specific paths. Signed-off-by: Tristan Ross <tristan.ross@midstall.com> --- policycoreutils/semodule/semodule.8 | 3 +++ policycoreutils/semodule/semodule.c | 22 +++++++++++++++++----- 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 index 00c60c1e..ae928611 100644 --- a/policycoreutils/semodule/semodule.8 +++ b/policycoreutils/semodule/semodule.8 @@ -86,6 +86,9 @@ Preserve tunables in policy .B \-C,\-\-ignore-module-cache Recompile CIL modules built from HLL files .TP +.B \-g,\-\-config=PATH +use an alternate path for the semanage config +.TP .B \-p,\-\-path Use an alternate path for the policy root .TP diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c index ebe062bf..ab5168eb 100644 --- a/policycoreutils/semodule/semodule.c +++ b/policycoreutils/semodule/semodule.c @@ -145,6 +145,7 @@ static void usage(char *progname) printf(" -v,--verbose be verbose\n"); printf(" -P,--preserve_tunables Preserve tunables in policy\n"); printf(" -C,--ignore-module-cache Rebuild CIL modules compiled from HLL files\n"); + printf(" -g,--config=PATH use an alternate path for the semanage config\n"); printf(" -p,--path use an alternate path for the policy root\n"); printf(" -S,--store-path use an alternate path for the policy store root\n"); printf(" -c, --cil extract module as cil. This only affects module extraction.\n"); 
@@ -210,6 +211,7 @@ static void parse_command_line(int argc, char **argv) {"enable", required_argument, NULL, 'e'}, {"disable", required_argument, NULL, 'd'}, {"path", required_argument, NULL, 'p'}, + {"config", required_argument, NULL, 'g'}, {"store-path", required_argument, NULL, 'S'}, {"checksum", 0, NULL, 'm'}, {NULL, 0, NULL, 0} @@ -223,7 +225,7 @@ static void parse_command_line(int argc, char **argv) check_ext_changes = 0; priority = 400; while ((i = - getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:S:E:cHm", + getopt_long(argc, argv, "s:b:hi:l::vr:u:RnNBDCPX:e:d:p:g:S:E:cHm", opts, &longind)) != -1) { switch (i) { case '\0': @@ -304,6 +306,14 @@ static void parse_command_line(int argc, char **argv) case 'C': ignore_module_cache = 1; break; + case 'g': + sh = semanage_handle_create_with_path(optarg); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + exit(1); + } + break; case 'X': set_mode(PRIORITY_M, optarg); break; @@ -421,11 +431,13 @@ int main(int argc, char *argv[]) if (build || check_ext_changes) commit = 1; - sh = semanage_handle_create(); if (!sh) { - fprintf(stderr, "%s: Could not create semanage handle\n", - argv[0]); - goto cleanup_nohandle; + sh = semanage_handle_create(); + if (!sh) { + fprintf(stderr, "%s: Could not create semanage handle\n", + argv[0]); + goto cleanup_nohandle; + } } if (store) { -- 2.47.2 ^ permalink raw reply related [flat|nested] 17+ messages in thread
* Re: [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-25 18:09 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path Tristan Ross 2025-04-25 18:09 ` [PATCH 2/2] semodule: add config argument Tristan Ross @ 2025-04-29 15:18 ` James Carter 2025-05-06 19:33 ` James Carter 1 sibling, 1 reply; 17+ messages in thread From: James Carter @ 2025-04-29 15:18 UTC (permalink / raw) To: Tristan Ross; +Cc: selinux On Fri, Apr 25, 2025 at 2:09 PM Tristan Ross <tristan.ross@midstall.com> wrote: > > Adds "semanage_handle_create_with_path" to create an semanage handle > with a config file from a specific path. This is useful for baking > SELinux policy generation into a Nix derivation. > > Signed-off-by: Tristan Ross <tristan.ross@midstall.com> For these two patches: Acked-by: James Carter <jwcart2@gmail.com> > --- > libsemanage/include/semanage/handle.h | 6 +++++- > libsemanage/src/handle.c | 26 +++++++++++++++++++------- > libsemanage/src/libsemanage.map | 4 ++++ > 3 files changed, 28 insertions(+), 8 deletions(-) > > diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h > index a5ea31de..601cd9ee 100644 > --- a/libsemanage/include/semanage/handle.h > +++ b/libsemanage/include/semanage/handle.h > @@ -30,7 +30,11 @@ > struct semanage_handle; > typedef struct semanage_handle semanage_handle_t; > > -/* Create and return a semanage handle. > +/* Create and return a semanage handle with a specific config path. > + The handle is initially in the disconnected state. */ > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); > + > +/* Create and return a semanage handle with the default config path. > The handle is initially in the disconnected state. */ > extern semanage_handle_t *semanage_handle_create(void); > > diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c > index faea0606..ca57702a 100644 > --- a/libsemanage/src/handle.c > +++ b/libsemanage/src/handle.c 
> @@ -59,19 +59,14 @@ const char * semanage_root(void) > return private_semanage_root; > } > > - > -semanage_handle_t *semanage_handle_create(void) > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) > { > semanage_handle_t *sh = NULL; > - char *conf_name = NULL; > > /* Allocate handle */ > if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) > goto err; > > - if ((conf_name = semanage_conf_path()) == NULL) > - goto err; > - > if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) > goto err; > > @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) > sh->msg_callback = semanage_msg_default_handler; > sh->msg_callback_arg = NULL; > > + return sh; > + > + err: > + semanage_handle_destroy(sh); > + return NULL; > +} > + > +semanage_handle_t *semanage_handle_create(void) > +{ > + semanage_handle_t *sh = NULL; > + char *conf_name = NULL; > + > + if ((conf_name = semanage_conf_path()) == NULL) > + goto err; > + > + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) > + goto err; > + > free(conf_name); > > return sh; > > err: > free(conf_name); > - semanage_handle_destroy(sh); > return NULL; > } > > diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map > index c8214b26..8d7d8b05 100644 > --- a/libsemanage/src/libsemanage.map > +++ b/libsemanage/src/libsemanage.map > @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { > semanage_module_compute_checksum; > semanage_set_check_ext_changes; > } LIBSEMANAGE_1.1; > + > +LIBSEMANAGE_3.9 { > + semanage_handle_create_with_path; > +} LIBSEMANAGE_3.4; > -- > 2.47.2 > > ^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: [PATCH 1/2] libsemanage: add semanage_handle_create_with_path 2025-04-29 15:18 ` [PATCH 1/2] libsemanage: add semanage_handle_create_with_path James Carter @ 2025-05-06 19:33 ` James Carter 0 siblings, 0 replies; 17+ messages in thread From: James Carter @ 2025-05-06 19:33 UTC (permalink / raw) To: Tristan Ross; +Cc: selinux On Tue, Apr 29, 2025 at 11:18 AM James Carter <jwcart2@gmail.com> wrote: > > On Fri, Apr 25, 2025 at 2:09 PM Tristan Ross <tristan.ross@midstall.com> wrote: > > > > Adds "semanage_handle_create_with_path" to create an semanage handle > > with a config file from a specific path. This is useful for baking > > SELinux policy generation into a Nix derivation. > > > > Signed-off-by: Tristan Ross <tristan.ross@midstall.com> > > For these two patches: > Acked-by: James Carter <jwcart2@gmail.com> > These two patches have been merged. Thanks, Jim > > --- > > libsemanage/include/semanage/handle.h | 6 +++++- > > libsemanage/src/handle.c | 26 +++++++++++++++++++------- > > libsemanage/src/libsemanage.map | 4 ++++ > > 3 files changed, 28 insertions(+), 8 deletions(-) > > > > diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h > > index a5ea31de..601cd9ee 100644 > > --- a/libsemanage/include/semanage/handle.h > > +++ b/libsemanage/include/semanage/handle.h > > @@ -30,7 +30,11 @@ > > struct semanage_handle; > > typedef struct semanage_handle semanage_handle_t; > > > > -/* Create and return a semanage handle. > > +/* Create and return a semanage handle with a specific config path. > > + The handle is initially in the disconnected state. */ > > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name); > > + > > +/* Create and return a semanage handle with the default config path. > > The handle is initially in the disconnected state. */ > > extern semanage_handle_t *semanage_handle_create(void); 
> > > > diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c > > index faea0606..ca57702a 100644 > > --- a/libsemanage/src/handle.c > > +++ b/libsemanage/src/handle.c > > @@ -59,19 +59,14 @@ const char * semanage_root(void) > > return private_semanage_root; > > } > > > > - > > -semanage_handle_t *semanage_handle_create(void) > > +semanage_handle_t *semanage_handle_create_with_path(const char *conf_name) > > { > > semanage_handle_t *sh = NULL; > > - char *conf_name = NULL; > > > > /* Allocate handle */ > > if ((sh = calloc(1, sizeof(semanage_handle_t))) == NULL) > > goto err; > > > > - if ((conf_name = semanage_conf_path()) == NULL) > > - goto err; > > - > > if ((sh->conf = semanage_conf_parse(conf_name)) == NULL) > > goto err; > > > > @@ -106,13 +101,30 @@ semanage_handle_t *semanage_handle_create(void) > > sh->msg_callback = semanage_msg_default_handler; > > sh->msg_callback_arg = NULL; > > > > + return sh; > > + > > + err: > > + semanage_handle_destroy(sh); > > + return NULL; > > +} > > + > > +semanage_handle_t *semanage_handle_create(void) > > +{ > > + semanage_handle_t *sh = NULL; > > + char *conf_name = NULL; > > + > > + if ((conf_name = semanage_conf_path()) == NULL) > > + goto err; > > + > > + if ((sh = semanage_handle_create_with_path(conf_name)) == NULL) > > + goto err; > > + > > free(conf_name); > > > > return sh; > > > > err: > > free(conf_name); > > - semanage_handle_destroy(sh); > > return NULL; > > } > > > > diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map > > index c8214b26..8d7d8b05 100644 > > --- a/libsemanage/src/libsemanage.map > > +++ b/libsemanage/src/libsemanage.map > > @@ -350,3 +350,7 @@ LIBSEMANAGE_3.4 { > > semanage_module_compute_checksum; > > semanage_set_check_ext_changes; > > } LIBSEMANAGE_1.1; > > + > > +LIBSEMANAGE_3.9 { > > + semanage_handle_create_with_path; > > +} LIBSEMANAGE_3.4; > > -- > > 2.47.2 > > > > ^ permalink raw reply [flat|nested] 17+ messages in thread