| Message ID | 20200721112512.1906547-1-dominick.grift@defensec.nl (mailing list archive) |
|---|---|
| State | Rejected |
| Headers | show |
| Series | policycoreutils: fix inaccurate description in sestatus | expand |
Dominick Grift <dominick.grift@defensec.nl> writes: > strdup(selinux_policy_root()) does not return a path that can be used to derive "Loaded policy name" > instead if returns a path that can be used to derive "Policy name from config file". Even though this seems like a nit, this issue was a bit embarrasing for me in one of my video tutorials: https://youtu.be/JsD8GLx_ZKA?t=1965 > > Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> > --- > policycoreutils/sestatus/sestatus.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c > index b37f0353..8b03b028 100644 > --- a/policycoreutils/sestatus/sestatus.c > +++ b/policycoreutils/sestatus/sestatus.c > @@ -268,7 +268,7 @@ int main(int argc, char **argv) > free(root_path); > > /* Dump all the path information */ > - printf_tab("Loaded policy name:"); > + printf_tab("Policy name from config file:"); > pol_path = strdup(selinux_policy_root()); > if (pol_path) { > pol_name = basename(pol_path);
On Tue, Jul 21, 2020 at 7:27 AM Dominick Grift <dominick.grift@defensec.nl> wrote: > > strdup(selinux_policy_root()) does not return a path that can be used to derive "Loaded policy name" > instead if returns a path that can be used to derive "Policy name from config file". > > Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> My only concern with this is whether it might break scripts that extract bits of information from sestatus output by matching on the existing prefix, especially since it has been this way for a long time (approaching 9 years?). OTOH, it looks like it was labeled "Policy from config file" prior to that commit. No strong feelings either way except that we don't want to break things for users unnecessarily. > --- > policycoreutils/sestatus/sestatus.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c > index b37f0353..8b03b028 100644 > --- a/policycoreutils/sestatus/sestatus.c > +++ b/policycoreutils/sestatus/sestatus.c > @@ -268,7 +268,7 @@ int main(int argc, char **argv) > free(root_path); > > /* Dump all the path information */ > - printf_tab("Loaded policy name:"); > + printf_tab("Policy name from config file:"); > pol_path = strdup(selinux_policy_root()); > if (pol_path) { > pol_name = basename(pol_path); > -- > 2.27.0 >
On 7/21/20 3:08 PM, Stephen Smalley wrote: > On Tue, Jul 21, 2020 at 7:27 AM Dominick Grift > <dominick.grift@defensec.nl> wrote: >> >> strdup(selinux_policy_root()) does not return a path that can be used to derive "Loaded policy name" >> instead if returns a path that can be used to derive "Policy name from config file". >> >> Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> > > My only concern with this is whether it might break scripts that > extract bits of information from sestatus output by matching on the > existing prefix, especially since it has been this way for a long time > (approaching 9 years?). OTOH, it looks like it was labeled "Policy > from config file" prior to that commit. No strong feelings either way > except that we don't want to break things for users unnecessarily. Thanks I think I argee. pity that this slipped through the cracks in the first place. Probably best to leave this be. I will just make a mental note not to use sestatus in from of a camera to avoid embarrassment. > >> --- >> policycoreutils/sestatus/sestatus.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c >> index b37f0353..8b03b028 100644 >> --- a/policycoreutils/sestatus/sestatus.c >> +++ b/policycoreutils/sestatus/sestatus.c >> @@ -268,7 +268,7 @@ int main(int argc, char **argv) >> free(root_path); >> >> /* Dump all the path information */ >> - printf_tab("Loaded policy name:"); >> + printf_tab("Policy name from config file:"); >> pol_path = strdup(selinux_policy_root()); >> if (pol_path) { >> pol_name = basename(pol_path); >> -- >> 2.27.0 >>
diff --git a/policycoreutils/sestatus/sestatus.c b/policycoreutils/sestatus/sestatus.c index b37f0353..8b03b028 100644 --- a/policycoreutils/sestatus/sestatus.c +++ b/policycoreutils/sestatus/sestatus.c @@ -268,7 +268,7 @@ int main(int argc, char **argv) free(root_path); /* Dump all the path information */ - printf_tab("Loaded policy name:"); + printf_tab("Policy name from config file:"); pol_path = strdup(selinux_policy_root()); if (pol_path) { pol_name = basename(pol_path);
strdup(selinux_policy_root()) does not return a path that can be used to derive "Loaded policy name" instead if returns a path that can be used to derive "Policy name from config file". Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> --- policycoreutils/sestatus/sestatus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)