GNU bug report logs - #17220
SELinux options in --help / manpage may be confusing

Previous Next

Package: coreutils;

Reported by: ovasik <at> redhat.com

Date: Tue, 8 Apr 2014 13:49:01 UTC

Severity: normal

Done: Pádraig Brady <P <at> draigBrady.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Pádraig Brady <P <at> draigBrady.com>
To: ovasik <at> redhat.com
Cc: 17220 <at> debbugs.gnu.org
Subject: bug#17220: SELinux options in --help / manpage may be confusing
Date: Tue, 08 Apr 2014 16:27:44 +0100

On 04/08/2014 02:47 PM, Ondrej Vasik wrote:
> Hi,
> recently I got one bug report, asking about mknod not running correctly
> with old syntax
> mknod -m 666 -Z system_u:object_r:random_device_t:s0 /dev/random2 c 1 9
> This is not a bug, as since 8.22, short version of -Z doesn't accept
> optional arguments.
> 
> However, --help and manpage is a bit misleading. I think we should split
> the lines for -Z and --context , as both are doing a bit different
> thing.
> -Z restores the default SELinux context
> --context=[CTX] restores the default SELinux context if no CTX is
> specified, otherwise sets the SELinux/SMACK context to CTX.
> 
> Now, with having them both on one lines, it gives user the feeling that
> -Z accepts argument, which may lead to scripts errors. This is not only
> about mknod, but about all utilities with -Z option (and recent change
> in behaviour)
> 
> Thanks in advance for consideration!

Note the -o, --option[=optional long arg] is a very common
idiom in the coreutils' --help and thus man pages.
In the unusual case where a short option takes an optional arg we use:

  -w[BYTES], --width[=BYTES]  output BYTES bytes per output line;
                                32 is implied when BYTES is not specified


Though -Z, --context[=CTX] are slightly different concepts as you say
so we should split out the descriptions.

So currently we have this:

  -Z, --context[=CTX]  set the SELinux security context of NAME to
                         default type, or set the SELinux or SMACK
                         security context to CTX if specified


I'll push a patch that changes all utils along the lines of:


  -Z               set the SELinux security context of NAME to default type
  --context[=CTX]  likewise, or if CTX is specified then set the SELinux
                     or SMACK security context to CTX


cheers,
Pádraig.

p.s. for completeness, for mandatory args we use:

  -t, --format=TYPE           select output format or formats
This bug report was last modified 11 years and 104 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.