The options should have been like --allowxperm but were like --allowx. Fix
to be consistent with sediff, which has these options.
Fortunately argparse recognizes abbreviations of long options, so anyone
that started using, --allowx, for example, can still use that.
- Add an iterator to extract the extended permissions rather than
returning only a string
- Add queries for determining if an avrule is extended, and what its
type the extended avrule is (e.g. ioctl)
- Removed tests, but should probably revert that change and make sure
they still work
- Fixed some warnings about unsigned/signed comparisons with ebitmaps
- Updates seinfo and sesearch to support new extended avrule changes
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Add updates to seinfo and sesearch to test libqpol updates
added via [1].
Also include extra tests for Xen and xperms. Note, xperms
cannot yet test the extended perms as needs more work on
libqpol.
[1] 0001-setools-V4-libqpol-policy-V30-updates-xen-xperm-stat.patch
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Makes use simpler. The setools submodules map 1:1 to classes anyway;
the separate modules are simply to ease organization.
Change seinfo to use conditional setter use rather than conditional
instantiation of queries. Note: pylint disable is added because pylint
gets confused by the reuse of the q variable and thinks that q is always
BoolQuery, so it incorrectly reports missing member functions.
Not comprehensive yet. Only planning to do setools pkg (not policyrep),
with the exception being the SELinuxPolicy class in policyrep.
Avoids performance-critical paths. Use only info and debug so in normal
cases the user only sees messages if they ask for it (e.g. -v).
Catch all exceptions in the main bulk of the CLI code. We can't do anything
if there is an exception, so either print the error message from the
exception, or print the traceback if debug is enabled.
