Message ID | 1462865989-19741-1-git-send-email-plautrba@redhat.com (mailing list archive) |
---|---|
State | Not Applicable |
Headers | show |
On 05/10/2016 09:39 AM, Petr Lautrbach wrote: > The man page's example suggested to use -g instead of -E > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> > --- > policycoreutils/semodule/semodule.8 | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 > index 6db390c..e5b54b3 100644 > --- a/policycoreutils/semodule/semodule.8 > +++ b/policycoreutils/semodule/semodule.8 > @@ -121,7 +121,7 @@ $ semodule \-B \-p "/tmp" > $ semodule \-B \-S "/tmp/var/lib/selinux" > # Write the HLL version of puppet and the CIL version of wireshark > # modules at priority 400 to the current working directory > -$ semodule \-X 400 \-g wireshark \-\-cil \-g puppet \-\-hll > +$ semodule \-X 400 \-E wireshark \-\-cil \-E puppet \-\-hll Actually this command extracts the HLL version of wireshark and the CIL version of puppet (it creates wireshark.pp and puppet.cil on my system with checkpolicy 2.5). In order to do what the comment suggests, the --cil and --hll flags need to be set before the -E options: semodule -X 400 --cil -E wireshark --hll -E puppet. -- Nicolas
On 05/10/2016 07:04 PM, Nicolas Iooss wrote: > On 05/10/2016 09:39 AM, Petr Lautrbach wrote: >> The man page's example suggested to use -g instead of -E >> >> Signed-off-by: Petr Lautrbach <plautrba@redhat.com> >> --- >> policycoreutils/semodule/semodule.8 | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 >> index 6db390c..e5b54b3 100644 >> --- a/policycoreutils/semodule/semodule.8 >> +++ b/policycoreutils/semodule/semodule.8 >> @@ -121,7 +121,7 @@ $ semodule \-B \-p "/tmp" >> $ semodule \-B \-S "/tmp/var/lib/selinux" >> # Write the HLL version of puppet and the CIL version of wireshark >> # modules at priority 400 to the current working directory >> -$ semodule \-X 400 \-g wireshark \-\-cil \-g puppet \-\-hll >> +$ semodule \-X 400 \-E wireshark \-\-cil \-E puppet \-\-hll > > Actually this command extracts the HLL version of wireshark and the CIL > version of puppet (it creates wireshark.pp and puppet.cil on my system > with checkpolicy 2.5). In order to do what the comment suggests, the > --cil and --hll flags need to be set before the -E options: semodule -X > 400 --cil -E wireshark --hll -E puppet. > > -- Nicolas > I overlooked that. Thanks. I'll prepare another patch. Petr
diff --git a/policycoreutils/semodule/semodule.8 b/policycoreutils/semodule/semodule.8 index 6db390c..e5b54b3 100644 --- a/policycoreutils/semodule/semodule.8 +++ b/policycoreutils/semodule/semodule.8 @@ -121,7 +121,7 @@ $ semodule \-B \-p "/tmp" $ semodule \-B \-S "/tmp/var/lib/selinux" # Write the HLL version of puppet and the CIL version of wireshark # modules at priority 400 to the current working directory -$ semodule \-X 400 \-g wireshark \-\-cil \-g puppet \-\-hll +$ semodule \-X 400 \-E wireshark \-\-cil \-E puppet \-\-hll .fi .SH SEE ALSO
The man page's example suggested to use -g instead of -E Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- policycoreutils/semodule/semodule.8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)