policycoreutils: setsebool: -N should not reload policy on changes

Fix setsebool to use -N to not reload policy into the kernel optional on permanant changes. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2025-01-03 12:12:12 +00:00 · 2012-05-08 15:59:54 -04:00 · 2012-05-08 15:59:54 -04:00 · 413b4933ee
commit 413b4933ee
parent 82415fa1b0
2 changed files with 32 additions and 11 deletions
--- a/policycoreutils/setsebool/setsebool.8
+++ b/policycoreutils/setsebool/setsebool.8
@ -4,7 +4,7 @@ setsebool \- set SELinux boolean value

 .SH "SYNOPSIS"
 .B setsebool
-.I "[ -P ] boolean value | bool1=val1 bool2=val2 ..."
+.I "[ -PN ] boolean value | bool1=val1 bool2=val2 ..."

 .SH "DESCRIPTION"
 .B setsebool 
@ -18,6 +18,9 @@ are not changed.
 If the -P option is given, all pending values are written to
 the policy file on disk. So they will be persistent across reboots.

+If the -N option is given, the policy on disk is not reloaded into the kernel.
+
+
 .SH AUTHOR	
 This manual page was written by Dan Walsh <dwalsh@redhat.com>.
 The program was written by Tresys Technology.
--- a/policycoreutils/setsebool/setsebool.c
+++ b/policycoreutils/setsebool/setsebool.c
@ -6,6 +6,7 @@
 #include <fcntl.h>
 #include <errno.h>
 #include <syslog.h>
+#include <getopt.h>
 #include <pwd.h>
 #include <selinux/selinux.h>
 #include <semanage/handle.h>
@ -15,13 +16,14 @@
 #include <errno.h>

 int permanent = 0;
+int reload = 1;

 int setbool(char **list, size_t start, size_t end);

 void usage(void)
 {
 	fputs
-	    ("\nUsage:  setsebool [ -P ] boolean value | bool1=val1 bool2=val2...\n\n",
+	    ("\nUsage:  setsebool [ -NP ] boolean value | bool1=val1 bool2=val2...\n\n",
 	     stderr);
 	exit(1);
 }
@ -29,7 +31,7 @@ void usage(void)
 int main(int argc, char **argv)
 {
 	size_t rc, start;
-
+	int clflag;		/* holds codes for command line flags */
 	if (argc < 2)
 		usage();

@ -38,14 +40,30 @@ int main(int argc, char **argv)
 		return 1;
 	}

-	if (strcmp(argv[1], "-P") == 0) {
-		permanent = 1;
-		if (argc < 3)
-			usage();
-		start = 2;
-	} else
-		start = 1;
+	while (1) {
+		clflag = getopt(argc, argv, "PN");
+		if (clflag == -1)
+			break;

+		switch (clflag) {
+		case 'P':
+			permanent = 1;
+			break;
+		case 'N':
+		        reload = 0;
+			break;
+		default:
+			usage();
+			break;
+		}
+	}
+
+	if (argc - optind < 1) {
+		fprintf(stderr, "Error: boolean name required\n");
+		usage();
+	}
+
+	start = argc-optind;
 	/* Check to see which way we are being called. If a '=' is passed,
 	   we'll enforce the list syntax. If not we'll enforce the original
 	   syntax for backward compatibility. */
@ -165,7 +183,7 @@ static int semanage_set_boolean_list(size_t boolcnt,
 		boolean = NULL;
 	}

-	semanage_set_reload(handle, 0);
+	semanage_set_reload(handle, reload);
 	if (semanage_commit(handle) < 0)
 		goto err;