Commit Graph

12 Commits

Author SHA1 Message Date
Nick Kralevich via Selinux
854fdc1ac4 checkpolicy: remove extraneous policy build noise
Reduce noise when calling the checkpolicy command line. In Android, this
creates unnecessary build noise which we'd like to avoid.

https://en.wikipedia.org/wiki/Unix_philosophy

  Rule of Silence
  Developers should design programs so that they do not print
  unnecessary output. This rule aims to allow other programs
  and developers to pick out the information they need from a
  program's output without having to parse verbosity.

An alternative approach would be to add a -s (silent) option to these
tools, or to have the Android build system redirect stdout to /dev/null.

Signed-off-by: Nick Kralevich <nnk@google.com>
2018-09-21 12:51:36 -07:00
Nicolas Iooss
ef61dd7d4b checkpolicy: add noreturn attribute to usage()
While at it, make usage() static and mark its argument as const.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2017-03-07 14:00:25 -05:00
Petr Lautrbach
b5f9debdb2 checkpolicy: Fix checkmodule output message
Originally checkmodule stated that it wrote to the input file instead of
to the output file.

Reported-By: Milos Malik <mmalik@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2016-05-16 16:33:29 -04:00
James Carter
c6acfae4bc checkpolicy: Fail if module name different than output base filename
Since CIL treats files as modules and does not have a separate
module statement it can cause confusion when a Refpolicy module
has a name that is different than its base filename because older
SELinux userspaces will refer to the module by its module name while
a CIL-based userspace will refer to it by its filename.

Because of this, have checkmodule fail when compiling a module and
the output base filename is different than the module name.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-04-12 10:41:11 -04:00
James Carter
b1d9456295 checkpolicy: Add support for generating CIL
Add support to checkpolicy and checkmodule for generating CIL as their
output.

Add new options "-C" and "--cil" to specify CIL as the output format.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-04-01 13:09:26 -04:00
Nicolas Iooss
7dcb7a5946 checkpolicy: fix most gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
2014-10-02 09:56:28 -04:00
Stephen Smalley
bfb806120a Prevent incompatible option combinations.
checkmodule -m and -b are fundamentally incompatible with each other,
so reject attempts to use them together.

Resolves
https://bugzilla.redhat.com/show_bug.cgi?id=1064603

Also fix the error message for -m with -U to use stderr.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2014-02-20 14:20:20 -05:00
Laurent Bigonville
f6a03f1a3c --handle-unknown option takes a required argument
Fix a segmentation fault if the --handle-unknown option was set without
arguments.

Thanks to Alexandre Rebert and his team at Carnegie Mellon University
for detecting this crash.
2013-10-22 14:32:46 -04:00
Eric Paris
87e8d46f29 policycoreutils: checkmodule: fd leak reading policy
We never closed the fd to the policy file.  Close this fd as soon as we
are finished with it.

Signed-off-by: Eric Paris <eparis@redhat.com>
2012-09-12 14:30:20 -04:00
Daniel J Walsh
36fe4c35ee Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Minor fixup of checkmodule man page.
Date: Mon, 03 May 2010 13:45:30 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quality Engineering is going through all commands on the system looking
for mismatches between man page/usage and actual code.

It found that checkmodule had a -d option that is unused and undocumented -h
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvfC7oACgkQrlYvE4MpobNPrACg0uP02CWYPs9YcdU87jts9YqT
hMAAn2QA1UWZpGLvvU4yxStmhUU1Kg1+
=topF
-----END PGP SIGNATURE-----

Signed-off-by: Chad Sellers <csellers@tresys.com>
2010-06-14 14:44:44 -04:00
Guido Trentalancia
bf57d2349e Patch for Ticket #1 [1672486] (checkpolicy/checkmodule)
This patch is proposed to solve Ticket #1 [1672486] (command line
binaries should support --version and --help).

It adds handling of -h, -V and the long formats --help and --version to
all binaries (checkpolicy/checkmodule).

It also adds handling of long options for some of the available options.

Manual pages have also been updated accordingly (and a few undocumented
options have been documented).

Guido Trentalancia

Signed-off-by: Joshua Brindle <method@manicmethod.com>
2009-11-27 13:39:03 -05:00
Joshua Brindle
13cd4c8960 initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00