[DSE-Dev] Bug#1095045: matchpathcon.3: Some remarks and a patch with editorial changes for this man page
Bjarni Ingi Gislason
bjarniig at simnet.is
Mon Feb 3 01:22:26 GMT 2025
Package: libselinux1-dev
Version: 3.7-3.1
Severity: minor
Tags: patch
* What led up to the situation?
Checking for defects with a new version
test-[g|n]roff -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z < "man page"
[Use "groff -e ' $' -e '\\~$' <file>" to find obvious trailing spaces.]
["test-groff" is a script in the repository for "groff"; is not shipped]
(local copy and "troff" slightly changed by me).
[The fate of "test-nroff" was decided in groff bug #55941.]
* What was the outcome of this action?
an.tmac:<stdin>:12: misuse, warning: .BI is for at least 2 arguments, got 1
Use macro '.B' for one argument or split argument.
troff:<stdin>:40: warning: trailing space in the line
troff:<stdin>:45: warning: trailing space in the line
troff:<stdin>:47: warning: trailing space in the line
troff:<stdin>:49: warning: trailing space in the line
troff:<stdin>:51: warning: trailing space in the line
troff:<stdin>:76: warning: trailing space in the line
troff:<stdin>:78: warning: trailing space in the line
troff:<stdin>:93: warning: trailing space in the line
troff:<stdin>:96: warning: trailing space in the line
troff:<stdin>:104: warning: trailing space in the line
troff:<stdin>:107: warning: trailing space in the line
* What outcome did you expect instead?
No output (no warnings).
-.-
General remarks and further material, if a diff-file exist, are in the
attachments.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.11-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages libselinux1-dev depends on:
ii libpcre2-dev 10.44-5
ii libselinux1 3.7-3.1
ii libsepol-dev 3.7-1
libselinux1-dev recommends no packages.
libselinux1-dev suggests no packages.
-- no debconf information
-------------- next part --------------
Input file is matchpathcon.3
Output from "mandoc -T lint matchpathcon.3": (shortened list)
1 input text line longer than 80 bytes: matchpathcon, matchp...
1 unterminated quoted argument
14 whitespace at end of input line
-.-.
Output from "test-groff -mandoc -t -ww -z matchpathcon.3": (shortened list)
1 Use macro '.B' for one argument or split argument.
1 .BI is for at least 2 arguments, got 1
11 trailing space in the line
-.-.
Remove space characters (whitespace) at the end of lines.
Use "git apply ... --whitespace=fix" to fix extra space issues, or use
global configuration "core.whitespace".
Number of lines affected is
14
-.-.
Use the correct macro for the font change of a single argument or
split the argument into two.
12:.BI "int matchpathcon_fini(void);"
-.-.
Add a comma (or \&) after "e.g." and "i.e.", or use English words
(man-pages(7)).
Abbreviation points should be protected against being interpreted as
an end of sentence, if they are not, and that independent of the
current place on the line.
45:i.e. the path returned by
65:, e.g. pass "/dev" if you only intend to call
104:Only the file format bits (i.e. the file type) of the
-.-.
Wrong distance between sentences in the input file.
Separate the sentences and subordinate clauses; each begins on a new
line. See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").
104 The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.
Remember coding: Only one command ("sentence") on each (logical) line.
E-mail: Easier to quote exactly the relevant lines.
Generally: Easier to edit the sentence.
Patches: Less unaffected text.
Search for two adjacent words is easier, when they belong to the same line,
and the same phrase.
The amount of space between sentences in the output can then be
controlled with the ".ss" request.
Mark a final abbreviation point as such by suffixing it with "\&".
45:i.e. the path returned by
96:resulting context. The caller must free the returned security context
104:Only the file format bits (i.e. the file type) of the
-.-.
Split lines longer than 80 characters into two or more lines.
Appropriate break points are the end of a sentence and a subordinate
clause; after punctuation marks.
Line 1, length 102
.TH "matchpathcon" "3" "21 November 2009" "stephen.smalley.work at gmail.com" "SELinux API documentation"
Line 3, length 136
matchpathcon, matchpathcon_index \- get the default SELinux security context for the specified path from the file contexts configuration
Line 127, length 242
.BR selinux "(8), " set_matchpathcon_flags "(3), " set_matchpathcon_invalidcon "(3), " set_matchpathcon_printf "(3), " matchpathcon_filespec_add "(3), " matchpathcon_checkmatches "(3), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
-.-.
Split a punctuation from a single argument, if a two-font macro is meant.
83:.I pathname,
88:.I mode,
111:.I path,
-.-.
Put a parenthetical sentence, phrase on a separate line,
if not part of a code.
See man-pages(7), item "semantic newline".
matchpathcon.3:104:Only the file format bits (i.e. the file type) of the
-.-.
Remove quotes when there is a printable
but no space character between them
and the quotes are not for emphasis (markup),
for example as an argument to a macro.
1:.TH "matchpathcon" "3" "21 November 2009" "stephen.smalley.work at gmail.com" "SELinux API documentation"
2:.SH "NAME"
5:.SH "SYNOPSIS"
8:.BI "int matchpathcon_init(const char *" path ");"
10:.BI "int matchpathcon_init_prefix(const char *" path ", const char *" prefix ");"
16:.BI "int matchpathcon_index(const char *" name ", mode_t " mode ", char **" con ");"
18:.SH "DESCRIPTION"
127:.BR selinux "(8), " set_matchpathcon_flags "(3), " set_matchpathcon_invalidcon "(3), " set_matchpathcon_printf "(3), " matchpathcon_filespec_add "(3), " matchpathcon_checkmatches "(3), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
-.-.
Use ".na" (no adjustment) instead of ".ad l" and then ".ad" to begin the
same adjustment again as before
125:.ad l
-.-.
Trailing space in a macro call.
48:.B MATCHPATHCON_BASEONLY
94:.I con
105:.I mode
-.-.
Output from "test-groff -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z ":
an.tmac:<stdin>:12: misuse, warning: .BI is for at least 2 arguments, got 1
Use macro '.B' for one argument or split argument.
troff:<stdin>:40: warning: trailing space in the line
troff:<stdin>:45: warning: trailing space in the line
troff:<stdin>:47: warning: trailing space in the line
troff:<stdin>:49: warning: trailing space in the line
troff:<stdin>:51: warning: trailing space in the line
troff:<stdin>:76: warning: trailing space in the line
troff:<stdin>:78: warning: trailing space in the line
troff:<stdin>:93: warning: trailing space in the line
troff:<stdin>:96: warning: trailing space in the line
troff:<stdin>:104: warning: trailing space in the line
troff:<stdin>:107: warning: trailing space in the line
-------------- next part --------------
--- matchpathcon.3 2025-02-03 00:50:33.529634767 +0000
+++ matchpathcon.3.new 2025-02-03 01:13:08.277620785 +0000
@@ -1,23 +1,27 @@
-.TH "matchpathcon" "3" "21 November 2009" "stephen.smalley.work at gmail.com" "SELinux API documentation"
-.SH "NAME"
-matchpathcon, matchpathcon_index \- get the default SELinux security context for the specified path from the file contexts configuration
+.TH matchpathcon 3 "21 November 2009" stephen.smalley.work at gmail.com \
+"SELinux API documentation"
+.SH NAME
+matchpathcon, matchpathcon_index \- get the default SELinux security context \
+for the specified path from the file contexts configuration
.
-.SH "SYNOPSIS"
+.SH SYNOPSIS
.B #include <selinux/selinux.h>
.sp
.BI "int matchpathcon_init(const char *" path ");"
.sp
.BI "int matchpathcon_init_prefix(const char *" path ", const char *" prefix ");"
.sp
-.BI "int matchpathcon_fini(void);"
+.B int matchpathcon_fini(void);
.sp
-.BI "int matchpathcon(const char *" path ", mode_t " mode ", char **" con ");
+.BI "int matchpathcon(const char *" path ", mode_t " mode ", char **" con );
.sp
.BI "int matchpathcon_index(const char *" name ", mode_t " mode ", char **" con ");"
.
-.SH "DESCRIPTION"
+.SH DESCRIPTION
-This family of functions is deprecated. For new code, please use
+This family of functions is deprecated.
+For new code,
+please use
.BR selabel_open (3)
with the
.B SELABEL_CTX_FILE
@@ -37,78 +41,88 @@ The remaining description below is for t
.BR matchpathcon_init ()
loads the file contexts configuration specified by
.I path
-into memory for use by subsequent
+into memory for use by subsequent
.BR matchpathcon ()
-calls. If
+calls.
+If
.I path
-is NULL, then the active file contexts configuration is loaded by default,
-i.e. the path returned by
+is NULL,
+then the active file contexts configuration is loaded by default,
+i.e., the path returned by
.BR selinux_file_context_path (3).
-Unless the
-.B MATCHPATHCON_BASEONLY
-flag has been set via
+Unless the
+.B MATCHPATHCON_BASEONLY
+flag has been set via
.BR \%set_matchpathcon_flags (3),
-files with the same path prefix but a
+files with the same path prefix but a
.B \%.homedirs
and
.B .local
-suffix are also looked up and loaded if present. These files provide
-dynamically generated entries for user home directories and for local
-customizations.
+suffix are also looked up and loaded if present.
+These files provide dynamically generated entries for user home directories
+and for local customizations.
.BR matchpathcon_init_prefix ()
is the same as
.BR matchpathcon_init ()
but only loads entries with regular expressions whose first pathname
component is a prefix of
-.I \%prefix
-, e.g. pass "/dev" if you only intend to call
+.IR \%prefix ,
+e.g., pass "/dev"
+if you only intend to call
.BR matchpathcon ()
with pathnames beginning with /dev.
-However, this optimization is no longer necessary due to the use of
+However,
+this optimization is no longer necessary due to the use of
.I file_contexts.bin
-files with precompiled regular expressions, so use of this interface
-is deprecated.
+files with precompiled regular expressions,
+so use of this interface is deprecated.
.BR matchpathcon_fini ()
frees the memory allocated by a prior call to
-.BR matchpathcon_init. ()
-This function can be used to free and reset the internal state between multiple
+.BR matchpathcon_init ().
+This function can be used to free and reset the internal state between multiple
.BR matchpathcon_init ()
-calls, or to free memory when finished using
+calls,
+or to free memory when finished using
.BR matchpathcon ().
.BR matchpathcon ()
matches the specified
-.I pathname,
+.IR pathname ,
after transformation via
.BR realpath (3)
excepting any final symbolic link component if S_IFLNK was
specified as the
-.I mode,
+.IR mode ,
and
.I mode
against the
.I file contexts
-configuration and sets the security context
-.I con
+configuration and sets the security context
+.I con
to refer to the
-resulting context. The caller must free the returned security context
+resulting context.
+The caller must free the returned security context
.I con
using
.BR freecon (3)
when finished using it.
.I mode
-can be 0 to disable mode matching, but
-should be provided whenever possible, as it may affect the matching.
-Only the file format bits (i.e. the file type) of the
-.I mode
+can be 0 to disable mode matching,
+but should be provided whenever possible,
+as it may affect the matching.
+Only the file format bits
+(i.e., the file type)
+of the
+.I mode
are used.
-If
+If
.BR matchpathcon_init ()
-has not already been called, then this function will call it upon
+has not already been called,
+then this function will call it upon
its first invocation with a NULL
-.I path,
+.IR path ,
defaulting to the active file contexts configuration.
.BR matchpathcon_index ()
@@ -124,4 +138,8 @@ Returns zero on success or \-1 otherwise
.SH "SEE ALSO"
.ad l
.nh
-.BR selinux "(8), " set_matchpathcon_flags "(3), " set_matchpathcon_invalidcon "(3), " set_matchpathcon_printf "(3), " matchpathcon_filespec_add "(3), " matchpathcon_checkmatches "(3), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(8), " set_matchpathcon_flags "(3), " \
+set_matchpathcon_invalidcon "(3), " set_matchpathcon_printf "(3), " \
+matchpathcon_filespec_add "(3), " matchpathcon_checkmatches "(3), " freecon \
+"(3), " setfilecon "(3), " setfscreatecon (3)
+
-------------- next part --------------
Any program (person), that produces man pages, should check the output
for defects by using (both groff and nroff)
[gn]roff -mandoc -t -ww -b -z -K utf8 <man page>
The same goes for man pages that are used as an input.
For a style guide use
mandoc -T lint
-.-
Any "autogenerator" should check its products with the above mentioned
'groff', 'mandoc', and additionally with 'nroff ...'.
It should also check its input files for too long (> 80) lines.
This is just a simple quality control measure.
The "autogenerator" may have to be corrected to get a better man page,
the source file may, and any additional file may.
Common defects:
Not removing trailing spaces (in in- and output).
The reason for these trailing spaces should be found and eliminated.
Not beginning each input sentence on a new line.
Line length should thus be reduced.
The script "reportbug" uses 'quoted-printable' encoding when a line is
longer than 1024 characters in an 'ascii' file.
See man-pages(7), item "semantic newline".
-.-
The difference between the formatted output of the original and patched file
can be seen with:
nroff -mandoc <file1> > <out1>
nroff -mandoc <file2> > <out2>
diff -u <out1> <out2>
and for groff, using
\"printf '%s\n%s\n' '.kern 0' '.ss 12 0' | groff -mandoc -Z - \"
instead of 'nroff -mandoc'
Add the option '-t', if the file contains a table.
Read the output from 'diff -u ...' with 'less -R' or similar.
-.-.
If 'man' (man-db) is used to check the manual for warnings,
the following must be set:
The option \"-warnings=w\"
The environmental variable:
export MAN_KEEP_STDERR=yes (or any non-empty value)
or
(produce only warnings):
export MANROFFOPT=\"-ww -b -z\"
export MAN_KEEP_STDERR=yes (or any non-empty value)
-.-
More information about the SELinux-devel
mailing list