[DSE-Dev] Bug#1094856: getexeccon.3: Some remarks and a patch with editorial changes for this man page

Bjarni Ingi Gislason bjarniig at simnet.is
Fri Jan 31 19:43:13 GMT 2025


Package: libselinux1-dev
Version: 3.7-3+b1
Severity: minor
Tags: patch

   * What led up to the situation?

     Checking for defects with a new version

test-[g|n]roff -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z < "man page"

  [Use "groff -e ' $' -e '\\~$' <file>" to find obvious trailing spaces.]

  ["test-groff" is a script in the repository for "groff"; it is not shipped]
(local copy and "troff" slightly changed by me).

  [The fate of "test-nroff" was decided in groff bug #55941.]

   * What was the outcome of this action?


troff:<stdin>:53: warning: trailing space in the line


   * What outcome did you expect instead?

     No output (no warnings).

-.-

  General remarks and further material, if a diff-file exists, are in the
attachments.


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.10-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libselinux1-dev depends on:
ii  libpcre2-dev  10.44-5
ii  libselinux1   3.7-3+b1
ii  libsepol-dev  3.7-1

libselinux1-dev recommends no packages.

libselinux1-dev suggests no packages.

-- no debconf information
-------------- next part --------------
Input file is getexeccon.3

Output from "mandoc -T lint  getexeccon.3": (shortened list)

      1 input text line longer than 80 bytes: getexeccon, setexecc...
      1 unterminated quoted argument
      1 whitespace at end of input line

-.-.

Output from "test-groff -mandoc -t -ww -z getexeccon.3": (shortened list)

      1 trailing space in the line

-.-.
Remove space characters (whitespace) at the end of lines.
Use "git apply ... --whitespace=fix" to fix extra space issues, or use
global configuration "core.whitespace".

Number of lines affected is

1

-.-.

Add a comma (or \&) after "e.g." and "i.e.", or use English words
(man-pages(7)).
Abbreviation points should be protected against being interpreted as
an end of sentence, if they are not, and that independent of the
current place on the line.

32:set by the program (i.e. using the default policy behavior).
49:e.g.

-.-.

Wrong distance between sentences in the input file.

  Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").

  The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.

Search for two adjacent words is easier, when they belong to the same line,
and the same phrase.

  The amount of space between sentences in the output can then be
controlled with the ".ss" request.

Mark a final abbreviation point as such by suffixing it with "\&".

32:set by the program (i.e. using the default policy behavior).
81:in all new code. This function

-.-.

Split lines longer than 80 characters into two or more lines.
Appropriate break points are the end of a sentence and a subordinate
clause; after punctuation marks.

Line 1, length 88

.TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SELinux API documentation"

Line 3, length 98

getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process

Line 20, length 123

.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);


-.-.

Put a parenthetical sentence, phrase on a separate line,
if not part of a code.
See man-pages(7), item "semantic newline".

getexeccon.3:32:set by the program (i.e. using the default policy behavior).

-.-.

Remove quotes when there is a printable
but no space character between them
and the quotes are not for emphasis (markup),
for example as an argument to a macro.

1:.TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SELinux API documentation"
2:.SH "NAME"
7:.SH "SYNOPSIS"
22:.SH "DESCRIPTION"
107:.BR selinux "(8), " freecon "(3), " getcon "(3)"

-.-.

Output from "test-groff  -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z ":

troff:<stdin>:53: warning: trailing space in the line

-------------- next part --------------
--- getexeccon.3	2025-01-31 19:17:13.699231199 +0000
+++ getexeccon.3.new	2025-01-31 19:36:13.704620606 +0000
@@ -1,10 +1,11 @@
-.TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SELinux API documentation"
-.SH "NAME"
-getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process
+.TH getexeccon 3 "1 January 2004" russell at coker.com.au "SELinux API documentation"
+.SH NAME
+getexeccon, setexeccon \- get or set the SELinux security context used for
+executing a new process
 
 rpm_execcon \- run a helper for rpm in an appropriate security context
 .
-.SH "SYNOPSIS"
+.SH SYNOPSIS
 .B #include <selinux/selinux.h>
 .sp
 .BI "int getexeccon(char **" context );
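Review bot: On the new `.TH` line the fourth argument loses its quotes but, as displayed here, still contains spaces (`russell at coker.com.au`), so it would be split into three arguments and push "SELinux API documentation" out of its position. If the source really has spaces there (the list archive may have rewritten an "@"), keep that argument quoted; dropping the quotes is only safe for the space-free arguments such as `getexeccon`, `3`, `NAME` and `SYNOPSIS`.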
@@ -17,9 +18,10 @@ rpm_execcon \- run a helper for rpm in a
 .sp
 .BI "int setexecfilecon(const char *" filename ", const char *" fallback_type );
 .sp
-.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
+.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", \
+char *const " argv "[], char *const " envp []);
 .
-.SH "DESCRIPTION"
+.SH DESCRIPTION
 .BR getexeccon ()
 retrieves the context used for executing a new process.
 This returned context should be freed with
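Review bot: The rewritten `rpm_execcon` prototype is not a pure source-layout change: `"[] ,` becomes `"[],` and the previously unterminated `"[]);` becomes `[]);`, so the rendered synopsis changes. That matches the unterminated quoted argument mandoc reported, but the remarks should say so explicitly, and the backslash-newline inside the quoted argument deserves a check in both nroff and groff output using the diff procedure given later in this message.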
@@ -29,7 +31,8 @@ if non-NULL.
 sets
 .BI * context
 to NULL if no exec context has been explicitly
-set by the program (i.e. using the default policy behavior).
+set by the program
+(i.e., using the default policy behavior).
 
 .BR setexeccon ()
 sets the context used for the next
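Review bot: The blank line left as context after `(i.e., using the default policy behavior).` is still acting as the paragraph break. Since this patch is already normalising source layout, consider replacing it (and the similar blank lines visible in the other hunks) with `.PP`, so that paragraph spacing comes from the macro package rather than from an empty input line.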
@@ -46,11 +49,11 @@ so a program doesn't need to explicitly
 can be applied prior to library
 functions that internally perform an
 .BR execve (2),
-e.g.
+e.g.,
 .BR execl *(3),
 .BR execv *(3),
 .BR popen (3),
-in order to set an exec context for that operation.  
+in order to set an exec context for that operation.
 
 .BR getexeccon_raw ()
 and
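Review bot: The last changed line of this hunk, `in order to set an exec context for that operation.`, differs only by the removed trailing spaces, and it is the only change in the patch that addresses the reported `troff:<stdin>:53` warning. Consider submitting it on its own so the warning fix can be applied independently of the stylistic `e.g.,` and semantic-newline changes.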
@@ -61,35 +64,41 @@ translation.
 .B Note:
 Signal handlers that perform an
 .BR execve (2)
-must take care to
-save, reset, and restore the exec context to avoid unexpected behavior.
+must take care to save,
+reset,
+and restore the exec context to avoid unexpected behavior.
 
 .BR setexecfilecon ()
 sets the context used for the next
 .BR execve (2)
-call, based on the policy for the
+call,
+based on the policy for the
 .IR filename ,
 and falling back to a new context with a
 .I fallback_type
 in case there is no transition.
 
 .BR rpm_execcon ()
-is deprecated; please use
+is deprecated;
+please use
 .BR setexecfilecon ()
 in conjunction with
 .BR execve (2)
-in all new code. This function
-runs a helper for rpm in an appropriate security context.  The
-verified parameter should contain the return code from the signature
-verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 ==
-nottrusted, 4 == nokey), although this information is not yet used by
-the function.  The function determines the proper security context for
-the helper based on policy, sets the exec context accordingly, and
-then executes the specified filename with the provided argument and
-environment arrays.
+in all new code.
+This function runs a helper for rpm in an appropriate security context.
+The verified parameter should contain the return code from the signature
+verification
+(0 == ok, 1 == notfound, 2 == verifyfail, 3 == nottrusted, 4 == nokey),
+although this information is not yet used by the function.
+The function determines the proper security context for
+the helper based on policy,
+sets the exec context accordingly,
+and then executes the specified filename with the provided argument
+and environment arrays.
 .
 .SH "RETURN VALUE"
-On failure, \-1 is returned and
+On failure,
+\-1 is returned and
 .I errno
 is  set appropriately.
 
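Review bot: In the RETURN VALUE part of this hunk the context line `is  set appropriately.` keeps a double space between words while the lines around it are being re-wrapped; fix it in the same pass. Also, `The verified parameter` names the argument that the synopsis sets in italics, so `.I verified` markup would be consistent with how `.I fallback_type` is written a few lines above.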
@@ -100,8 +109,9 @@ and
 .BR setexecfilecon ()
 return 0.
 .BR rpm_execcon ()
-only returns upon errors, as it calls
+only returns upon errors,
+as it calls
 .BR execve (2).
 .
 .SH "SEE ALSO"
-.BR selinux "(8), " freecon "(3), " getcon "(3)"
+.BR selinux "(8), " freecon "(3), " getcon (3)
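Review bot: The SEE ALSO line still packs three references into one `.BR` call through quoted `"(8), "` separators, which is the construct the remark about unnecessary quotes flagged. Writing one reference per line, as the page already does with `.BR execve (2),`, removes the quoting altogether: `.BR selinux (8),` then `.BR freecon (3),` then `.BR getcon (3)`.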
-------------- next part --------------
  Any program (person), that produces man pages, should check the output
for defects by using (both groff and nroff)

[gn]roff -mandoc -t -ww -b -z -K utf8  <man page>

  The same goes for man pages that are used as an input.

  For a style guide use

  mandoc -T lint

-.-

  Any "autogenerator" should check its products with the above mentioned
'groff', 'mandoc', and additionally with 'nroff ...'.

  It should also check its input files for too long (> 80) lines.

  This is just a simple quality control measure.

  The "autogenerator" may have to be corrected to get a better man page,
the source file may, and any additional file may.

  Common defects:

  Not removing trailing spaces (in in- and output).
  The reason for these trailing spaces should be found and eliminated.

  Not beginning each input sentence on a new line.
Line length should thus be reduced.

  The script "reportbug" uses 'quoted-printable' encoding when a line is
longer than 1024 characters in an 'ascii' file.

  See man-pages(7), item "semantic newline".

-.-

The difference between the formatted output of the original and patched file
can be seen with:

  nroff -mandoc <file1> > <out1>
  nroff -mandoc <file2> > <out2>
  diff -u <out1> <out2>

and for groff, using

"printf '%s\n%s\n' '.kern 0' '.ss 12 0' | groff -mandoc -Z - "

instead of 'nroff -mandoc'

  Add the option '-t', if the file contains a table.

  Read the output from 'diff -u ...' with 'less -R' or similar.

-.-.

  If 'man' (man-db) is used to check the manual for warnings,
the following must be set:

  The option "-warnings=w"

  The environmental variable:

export MAN_KEEP_STDERR=yes (or any non-empty value)

  or

  (produce only warnings):

export MANROFFOPT="-ww -b -z"

export MAN_KEEP_STDERR=yes (or any non-empty value)

-.-
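
Three of the source-layout checks this report relies on (trailing whitespace, input lines longer than 80, and "e.g."/"i.e." without a following comma or `\&`), as an added shell example that is not part of the original message or of groff/mandoc. The function names are hypothetical, and the sample lines are constructed from lines quoted in the report.

```shell
#!/bin/sh
# Added example, not from the report: counts three defects it names.
# man_lint_summary and write_sample are hypothetical helper names.

man_lint_summary() {
    # $1: path to a man page source file
    awk '
        /[ \t]+$/                   { trailing++ }  # whitespace at end of line
        length($0) > 80             { toolong++ }   # input line longer than 80
        /(e\.g\.|i\.e\.)([^,\\]|$)/ { abbrev++ }    # no "," or "\&" after it
        END {
            printf "trailing=%d long=%d abbrev=%d\n", trailing, toolong, abbrev
        }
    ' "$1"
}

write_sample() {
    # Constructed sample: four defective lines as quoted in the report,
    # followed by the two corrected forms from the patch.
    {
        printf '%s\n' '.TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SELinux API documentation"'
        printf '%s\n' 'set by the program (i.e. using the default policy behavior).'
        printf '%s\n' 'e.g.'
        printf '%s\n' 'in order to set an exec context for that operation.  '
        printf '%s\n' 'e.g.,'
        printf '%s\n' '(i.e., using the default policy behavior).'
    } > "$1"
}

# Stand-alone run: prints the counts for the constructed sample.
tmp=$(mktemp) && write_sample "$tmp" && man_lint_summary "$tmp"
rm -f "$tmp"
```
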

