Re: [PATCH]: Basic info documentation for SELinux context related commands runcon and chcon

Tue, 07 Oct 2008 05:45:42 -0700 

Hi,

Jim Meyering wrote:
> Ondřej Vašík <[EMAIL PROTECTED]> wrote:
> > as those commands were not documented in info documentation, I wrote
> > basic info documentation for runcon and chcon command (and related
> > SELinux context menu section). It is completely based on man
> > documentation, I would say just the first step to have them documented.
> > Patch is in attachement.
> 
> Thanks for doing that!
> 
> I've added to your patch with the following.
> Please fold this into yours and add similar mark-up for runcon.
> Also, it'd be good to document the exit status values that runcon uses,
> as is done for at least nohup and timeout.
> 
> From 246ef8da7b03037e1666c9a1ff479ab3fdec14e2 Mon Sep 17 00:00:00 2001
> From: Jim Meyering <[EMAIL PROTECTED]>
> Date: Tue, 7 Oct 2008 00:03:35 +0200
> Subject: [PATCH] tweak wording, add formatting like @var, @option
> 
> ---
>  doc/coreutils.texi |   81 ++++++++++++++++++++++++---------------------------
>  1 files changed, 38 insertions(+), 43 deletions(-)

Thanks for review and suggested/requested changes. Here is amended patch
with all of your changes(and similar changes for runcon). 

Greetings,
         Ondřej

P.S. sorry for double post, accidently forgot to cc mailing list


From cd506e1bd2995fd2c322362a39a6d35b8e474d48 Mon Sep 17 00:00:00 2001
From: =?utf-8?q?Ond=C5=99ej=20Va=C5=A1=C3=ADk?= <[EMAIL PROTECTED]>
Date: Mon, 6 Oct 2008 14:18:53 +0200
Subject: [PATCH] Coreutils.texi: Document runcon and chcon in SELinux context section

* coreutils.texi: Document commands runcon and chcon,
add SELinux context section
---
 doc/coreutils.texi |  182 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 181 insertions(+), 1 deletions(-)

diff --git a/doc/coreutils.texi b/doc/coreutils.texi
index 67da740..4dfde8a 100644
--- a/doc/coreutils.texi
+++ b/doc/coreutils.texi
@@ -32,7 +32,6 @@
 @c * [: (coreutils)[ invocation.                   File/string tests.
 @c * pinky: (coreutils)pinky invocation.           FIXME.
 @c * mktemp: (coreutils)mktemp invocation.         FIXME.
[EMAIL PROTECTED] * chcon: (coreutils)chcon invocation.           FIXME.
 
 @dircategory Individual utilities
 @direntry
@@ -40,6 +39,7 @@
 * base64: (coreutils)base64 invocation.         Base64 encode/decode data.
 * basename: (coreutils)basename invocation.     Strip directory and suffix.
 * cat: (coreutils)cat invocation.               Concatenate and write files.
+* chcon: (coreutils)chcon invocation.           Change SELinux CTX of files.
 * chgrp: (coreutils)chgrp invocation.           Change file groups.
 * chmod: (coreutils)chmod invocation.           Change file permissions.
 * chown: (coreutils)chown invocation.           Change file owners/groups.
@@ -95,6 +95,7 @@
 * readlink: (coreutils)readlink invocation.     Print referent of a symlink.
 * rm: (coreutils)rm invocation.                 Remove files.
 * rmdir: (coreutils)rmdir invocation.           Remove empty directories.
+* runcon: (coreutils)runcon invocation.         Run in specified SELinux CTX.
 * seq: (coreutils)seq invocation.               Print numeric sequences
 * sha1sum: (coreutils)sha1sum invocation.       Print or check SHA-1 digests.
 * sha2: (coreutils)sha2 utilities.              Print or check SHA-2 digests.
@@ -194,6 +195,7 @@ Free Documentation License''.
 * Working context::                    pwd stty printenv tty
 * User information::                   id logname whoami groups users who
 * System context::                     date uname hostname hostid uptime
+* SELinux context::                    chcon runcon
 * Modified command invocation::        chroot env nice nohup su timeout
 * Process control::                    kill
 * Delaying::                           sleep
@@ -421,6 +423,10 @@ System context
 * Date input formats::           Specifying date strings.
 * Examples of date::             Examples.
 
+SELinux context
+* chcon invocation::             Change SELinux context of file
+* runcon invocation::            Run a command in specified SELinux context
+
 Modified command invocation
 
 * chroot invocation::            Run a command with a different root directory
@@ -12882,6 +12888,180 @@ information.
 * uptime invocation::           Print system uptime and load
 @end menu
 
[EMAIL PROTECTED] SELinux context
[EMAIL PROTECTED] SELinux context
+
[EMAIL PROTECTED] SELinux context
[EMAIL PROTECTED] SELinux, context
[EMAIL PROTECTED] commands for SELinux context
+
+This section describes commands for operations with SELinux
+contexts.
+
[EMAIL PROTECTED]
+* chcon invocation::            Change SELinux context of file
+* runcon invocation::           Run a command in specified SELinux context
[EMAIL PROTECTED] menu
+
[EMAIL PROTECTED] chcon invocation
[EMAIL PROTECTED] @command{chcon}: Change SELinux context of file.
+
[EMAIL PROTECTED] chcon
[EMAIL PROTECTED] changing security context
[EMAIL PROTECTED] change SELinux context
+
+
[EMAIL PROTECTED] changes the SELinux security context of the selected files.
+Synopses:
+
[EMAIL PROTECTED]
+chcon [EMAIL PROTECTED]@dots{} @var{context} @[EMAIL PROTECTED]
+chcon [EMAIL PROTECTED]@dots{} [-u @var{user}] [-r @var{role}] [-l @var{range}] [-t @var{type}] @[EMAIL PROTECTED]
+chcon [EMAIL PROTECTED]@dots{} [EMAIL PROTECTED] @[EMAIL PROTECTED]
[EMAIL PROTECTED] smallexample
+
+Change  the  SELinux  security  context  of each @var{file} to @var{context}.
+With @option{--reference}, change the security context of each @var{file} 
+to that of @var{rfile}.
+
+The program accepts the following options.  Also see @ref{Common options}.
+
[EMAIL PROTECTED] @samp
+
[EMAIL PROTECTED] -h
[EMAIL PROTECTED] --no-dereference
[EMAIL PROTECTED] -h
[EMAIL PROTECTED] --no-dereference
[EMAIL PROTECTED] no dereference
+Affect symbolic links instead of any referenced file.
+
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] --reference
[EMAIL PROTECTED] reference file
+Use @var{rfile}’s security context rather than specifying a @var{context} value.
+
[EMAIL PROTECTED] -R
[EMAIL PROTECTED] --recursive
[EMAIL PROTECTED] -R
[EMAIL PROTECTED] --recursive
+Operate on files and directories recursively.
+
+Following options to modify how a hierarchy is traversed could also
+be specified. If more than one is specified, only the final one takes
+effect.
[EMAIL PROTECTED]
[EMAIL PROTECTED] symlinks}.
+
[EMAIL PROTECTED]
[EMAIL PROTECTED] symlinks}.
+
[EMAIL PROTECTED]
[EMAIL PROTECTED] symlinks}.
+
[EMAIL PROTECTED] -v
[EMAIL PROTECTED] --verbose
[EMAIL PROTECTED] -v
[EMAIL PROTECTED] --verbose
[EMAIL PROTECTED] diagnostic
+Output a diagnostic for every file processed.
+
[EMAIL PROTECTED] -u @var{user}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -u
[EMAIL PROTECTED] --user
+Set user @var{user} in the target security context.
+
[EMAIL PROTECTED] -r @var{role}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -r
[EMAIL PROTECTED] --role
+Set role @var{role} in the target security context
+
[EMAIL PROTECTED] -t @var{type}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -t
[EMAIL PROTECTED] --type
+Set type @var{type} in the target security context
+
[EMAIL PROTECTED] -l @var{range}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -l
[EMAIL PROTECTED] --range
+Set range @var{range} in the target security context
+
[EMAIL PROTECTED] table
+
[EMAIL PROTECTED]
+
[EMAIL PROTECTED] runcon invocation
[EMAIL PROTECTED] @command{runcon}: Run a command in specified SELinux context
+
[EMAIL PROTECTED] runcon
[EMAIL PROTECTED] run with security context
+
+
[EMAIL PROTECTED] runs file in specified SELinux security context.
+
+Synopses:
[EMAIL PROTECTED]
+runcon @var{context} @var{command} [args]
+runcon [ -c ] [-u @var{user}] [-r @var{role}] [-t @var{type}] [-l @var{range}] @var{command} [args]
[EMAIL PROTECTED] smallexample
+
+Runs @var{command} with completely-specified @var{context}, or with 
+current or transitioned security context modified by one or more of @var{range}, 
[EMAIL PROTECTED], @var{type} and @var{user}.
+
+If none of -c, -t, -u, -r, or -l is specified, the first argument is
+used as the complete context. Any additional arguments after COMMAND
+are interpreted as arguments to the command. 
+
+With neither @var{context} nor @var{command}, print the current security context.
+
+The program accepts the following options.  Also see @ref{Common options}.
+
[EMAIL PROTECTED] @samp
+
[EMAIL PROTECTED] -c
[EMAIL PROTECTED] --compute
[EMAIL PROTECTED] -c
[EMAIL PROTECTED] --compute
+Compute process transition context before modifying.
+
[EMAIL PROTECTED] -u @var{user}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -u
[EMAIL PROTECTED] --user
+Set user @var{user} in the target security context.
+
[EMAIL PROTECTED] -r @var{role}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -r
[EMAIL PROTECTED] --role
+Set role @var{role} in the target security context
+
[EMAIL PROTECTED] -t @var{type}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -t
[EMAIL PROTECTED] --type
+Set type @var{type} in the target security context
+
[EMAIL PROTECTED] -l @var{range}
[EMAIL PROTECTED] [EMAIL PROTECTED]
[EMAIL PROTECTED] -l
[EMAIL PROTECTED] --range
+Set range @var{range} in the target security context
+
[EMAIL PROTECTED] table
+
[EMAIL PROTECTED] exit status of @command{runcon}
+Exit status:
+
[EMAIL PROTECTED]
+126 if @var{command} is found but cannot be invoked
+127 if @command{runcon} itself fails or if @var{command} cannot be found
+the exit status of @var{command} otherwise
[EMAIL PROTECTED] display
 
 @node date invocation
 @section @command{date}: Print or set system date and time
-- 
1.5.6.1.156.ge903b

Attachment: signature.asc
Description: Toto je digitálně podepsaná část zprávy

_______________________________________________
Bug-coreutils mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-coreutils

Reply via email to