[PATCH] --secontext: Implement displaying of expected context upon mismatch
Eugene Syromiatnikov
esyr at redhat.com
Mon Dec 6 08:08:49 UTC 2021
On Fri, Dec 03, 2021 at 03:36:52PM +0100, Renaud Métrich wrote:
> +void
> +selinux_set_format(const char *optarg)
> +{
> + uint8_t selected[SFORMAT_MAX] = { 0 };
> +
> + if (!optarg)
> + return;
> +
> + const char *prev = optarg;
> +
> + for (;;) {
> + bool found = false;
> + const char *pos = strchr(prev, ',');
> + size_t len = pos ? (size_t) (pos - prev) : strlen(prev);
> +
> + for (size_t i = 0; i < ARRAY_SIZE(format_aliases); i++) {
> + if (strncmp(format_aliases[i].name, prev, len) ||
> + format_aliases[i].name[len])
> + continue;
> + if (selected[format_aliases[i].index]++)
> + error_msg_and_help("secontext format has been "
> + "provided more than once: "
> + "'%s'",
> + format_aliases[i].name);
> + found = true;
> + break; /* for i */
> + }
> + if (!found)
> + error_msg_and_help("unknown secontext format: '%.*s'",
> + (int) MIN(len, INT_MAX), prev);
> +
> + if (!pos)
> + break;
> +
> + prev = pos + 1;
> + }
> +
> + if (selected[SFORMAT_SHORT] && selected[SFORMAT_FULL])
> + error_msg_and_die("secontext format '%s' and '%s' cannot be "
> + "provided simultaneously", "short", "full");
> +
> + if (selected[SFORMAT_FULL])
> + selinux_context_full = true;
> + if (selected[SFORMAT_MISMATCH])
> + selinux_context_mismatch = true;
> }
What do you think about renaming "short" to "type", and using qualify_tokens
for parsing, with "full" bit implying "type"?
More information about the Strace-devel
mailing list