[DSE-Dev] Bug#1118767: security_class_to_string.3: Some remarks and a patch with editorial changes for this man page

Bjarni Ingi Gislason bjarniig at simnet.is
Sat Oct 25 03:23:13 BST 2025


Package: libselinux1-dev
Version: 3.9-2
Severity: minor
Tags: patch security
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>

   * What led up to the situation?

     Checking for defects with a new version

test-[g|n]roff -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=10 -ww -z < "man page"

  [Use 

grep -n -e ' $' -e '\\~$' -e ' \\f.$' -e ' \\"' <file>

  to find (most) trailing spaces.]

  ["test-groff" is a script in the repository for "groff"; is not shipped]
(local copy and "troff" slightly changed by me).

  [The fate of "test-nroff" was decided in groff bug #55941.]

   * What was the outcome of this action?

Output from "test-groff  -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=0 -ww -z ":

troff:<stdin>:9: warning: trailing space in the line
troff:<stdin>:57: warning: trailing space in the line


   * What outcome did you expect instead?

     No output (no warnings).

-.-

  General remarks and further material, if a diff-file exists, are in the
attachments.


-- System Information:
Debian Release: forky/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.16.12+deb14+1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=is_IS.iso88591, LC_CTYPE=is_IS.iso88591 (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libselinux1-dev depends on:
ii  libpcre2-dev  10.46-1
ii  libselinux1   3.9-2
ii  libsepol-dev  3.9-2

libselinux1-dev recommends no packages.

libselinux1-dev suggests no packages.

-- no debconf information
-------------- next part --------------
Input file is security_class_to_string.3

Output from "mandoc -T lint  security_class_to_string.3": (shortened list)

      1 security_class_to_string.3:32:84: STYLE: input text line longer than 80 bytes: 
      1 security_class_to_string.3:39:90: STYLE: input text line longer than 80 bytes: 
      1 security_class_to_string.3:46:85: STYLE: input text line longer than 80 bytes: 
      1 security_class_to_string.3:57:55: STYLE: whitespace at end of input line
      1 security_class_to_string.3:6:152: STYLE: input text line longer than 80 bytes: 
      1 security_class_to_string.3:83:83: STYLE: input text line longer than 80 bytes: 
      1 security_class_to_string.3:9:72: STYLE: whitespace at end of input line


Find most trailing spaces with:
grep -n -e ' $' -e ' \\f.$' -e ' \\"' <man page>

-.-.

Output from
test-nroff -mandoc -t -ww -z security_class_to_string.3: (shortened list)

      2 line(s) with a trailing space


Find most trailing spaces with:
grep -n -e ' $' -e ' \\f.$' -e ' \\"' <man page>

-.-.

Remove space characters (whitespace) at the end of lines.
Use "git apply ... --whitespace=fix" to fix extra space issues, or use
global configuration "core.whitespace".

Number of lines affected is

2

-.-.

Wrong distance (not two spaces) between sentences in the input file.

  Separate the sentences and subordinate clauses; each begins on a new
line.  See man-pages(7) ("Conventions for source file layout") and
"info groff" ("Input Conventions").

  The best procedure is to always start a new sentence on a new line,
at least, if you are typing on a computer.

Remember coding: Only one command ("sentence") on each (logical) line.

E-mail: Easier to quote exactly the relevant lines.

Generally: Easier to edit the sentence.

Patches: Less unaffected text.

Search for two adjacent words is easier, when they belong to the same line,
and the same phrase.

  The amount of space between sentences in the output can then be
controlled with the ".ss" request.

Mark a final abbreviation point as such by suffixing it with "\&".

Some sentences (etc.) do not begin on a new line.

Split (sometimes) lines after a punctuation mark; before a conjunction.

  Lines with only one (or two) space(s) between sentences could be split,
so latter sentences begin on a new line.

Use

#!/usr/bin/sh

sed -e '/^\./n' \
-e 's/\([[:alpha:]]\)\.  */\1.\n/g' "$1"

to split lines after a sentence period.
Check result with the difference between the formatted outputs.
See also the attachment "general.bugs"

78:does not return a value. All other functions return zero or NULL on error.

-.-.

Split lines longer than 80 characters (fill completely
an A4 sized page line on a terminal)
into two or more lines.
Appropriate break points are the end of a sentence and a subordinate
clause; after punctuation marks.
Add "\:" to split the string for the output, "\<newline>" in the source.  

Line 6, length 152

security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string, mode_to_security_class \- convert

Line 16, length 98

.BI "const char *security_av_perm_to_string(security_class_t " tclass ", access_vector_t " av ");"

Line 18, length 101

.BI "int security_av_string(security_class_t " tclass ", access_vector_t " av ", char **" result ");"

Line 24, length 91

.BI "access_vector_t string_to_av_perm(security_class_t " tclass ", const char *" name ");"

Line 26, length 84

.BI "void print_access_vector(security_class_t " tclass ", access_vector_t " av ");"

Line 32, length 84

or NULL if the class is invalid.  The returned string must not be modified or freed.

Line 39, length 90

or NULL if either argument is invalid.  The returned string must not be modified or freed.

Line 46, length 85

which may have multiple bits set.  The string is returned in the memory pointed to by

Line 83, length 83

A class or access vector argument is not recognized by the currently loaded policy.

Longest line is number 6 with 152 characters

-.-.

Only one space character is after a possible end of sentence
(after a punctuation, that can end a sentence).

security_class_to_string.3:78:does not return a value. All other functions return zero or NULL on error.

-.-.

Remove quotes when there is a printable
but no space character between them
and the quotes are not for emphasis (markup),
for example as an argument to a macro.

security_class_to_string.3:4:.TH "security_class_to_string" "3" "30 Mar 2007" "" "SELinux API documentation"
security_class_to_string.3:5:.SH "NAME"
security_class_to_string.3:11:.SH "SYNOPSIS"
security_class_to_string.3:28:.SH "DESCRIPTION"
security_class_to_string.3:80:.SH "ERRORS"
security_class_to_string.3:89:.SH "AUTHOR"

-.-.

Output from "test-groff  -mandoc -t -K utf8 -rF0 -rHY=0 -rCHECKSTYLE=0 -ww -z ":

troff:<stdin>:9: warning: trailing space in the line
troff:<stdin>:57: warning: trailing space in the line

-.-

Generally:

Split (sometimes) lines after a punctuation mark; before a conjunction.

-.-
-------------- next part --------------
--- security_class_to_string.3	2025-10-25 02:09:41.666174884 +0000
+++ security_class_to_string.3.new	2025-10-25 02:12:53.352342617 +0000
@@ -6,7 +6,7 @@
 security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string, mode_to_security_class \- convert
 between SELinux class and permission values and string names.
 .
-print_access_vector \- display an access vector in human-readable form. 
+print_access_vector \- display an access vector in human-readable form.
 .
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
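Review bot: the first context line of this hunk, the name list ending in "\- convert", is the 152-byte input line that the mandoc lint output in this report flags, and the patch leaves it as it is. If a clean lint run is the goal, break that line after a comma in the same patch. Both file headers also name the file without a directory, so say where in the source tree it lives and which -p level applies.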
@@ -54,7 +54,7 @@ returns the class value corresponding to
 or zero if no such class exists.
 
 .BR mode_to_security_class ()
-returns the class value corresponding to the specified 
+returns the class value corresponding to the specified
 .IR mode ,
 or zero if no such class exists.
 
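Review bot: for the "specified" line in this hunk, please state with the patch that the formatted page is unchanged, for example by diffing the "nroff -mandoc" output of the old and new file as this report describes. The following ".IR mode ," request starts on its own input line, so the trailing space being removed should not be needed as a word separator.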
-------------- next part --------------
  Any program (person), that produces man pages, should check the output
for defects by using (both groff and nroff)

[gn]roff -mandoc -t -ww -b -z -K utf8 <man page>

  To find trailing space use

grep -n -e ' $' -e ' \\f.$' -e ' \\"' <man page>

  The same goes for man pages that are used as an input.

-.-

  For a style guide use

  mandoc -T lint

-.-

  For general input conventions consult the man page "nroff(7)" (item
"Input conventions") or the Texinfo manual about the same item.

-.-

  Any "autogenerator" should check its products with the above mentioned
'groff', 'mandoc', and additionally with 'nroff ...'.

  It should also check its input files for too long (> 80) lines.

  This is just a simple quality control measure.

  The "autogenerator" may have to be corrected to get a better man page,
the source file may, and any additional file may.

  Common defects:

  Not removing trailing spaces (in in- and output).
  The reason for these trailing spaces should be found and eliminated.

  "git" has a "tool" to point out whitespace,
see for example "git-apply(1)" and "git-config(1)".

  Not beginning each input sentence on a new line.
Line length and patch size should thus be reduced.

  The script "reportbug" uses 'quoted-printable' encoding when a line is
longer than 1024 characters in an 'ascii' file.

  See man-pages(7), item "semantic newline".

-.-

The difference between the formatted output of the original
and patched file can be seen with:

  nroff -mandoc <file1> > <out1>
  nroff -mandoc <file2> > <out2>
  diff -d -u <out1> <out2>

and for groff, using

"printf '%s\n%s\n' '.kern 0' '.ss 12 0' | groff -mandoc -Z - "

instead of 'nroff -mandoc'

  Add the option '-t', if the file contains a table.

  Read the output from 'diff -d -u ...' with 'less -R' or similar.

-.-.

  If 'man' (man-db) is used to check the manual for warnings,
the following must be set:

  The option "-warnings=w"

  The environmental variable:

export MAN_KEEP_STDERR=yes (or any non-empty value)

  or

  (produce only warnings):

export MANROFFOPT="-ww -b -z"

export MAN_KEEP_STDERR=yes (or any non-empty value)

-.-
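
The source-level checks named in this report (trailing space, input lines longer than 80 characters, a single space after a sentence period) can be run without groff or mandoc installed. The script below is an added example, not part of the original message or of libselinux; the function names are hypothetical and the sample input is constructed from lines quoted in the report and patch.

```shell
#!/bin/sh
# Added example (not from the report): source-level man page checks.
# Names lint_manpage, count_kind and sample_manpage are hypothetical.

# Print one "LINE:KIND" record per finding in the man page source $1.
lint_manpage() {
    # Trailing blanks: the four patterns from the report's grep command.
    grep -n -e ' $' -e '\\~$' -e ' \\f.$' -e ' \\"' "$1" |
        sed 's/:.*/:trailing-space/'
    awk '
        # Input line longer than 80 characters, request lines included.
        length($0) > 80 { print NR ":long-line" }
        # Text lines only: sentence period, one space, then more text.
        !/^\./ && /[A-Za-z]\. [^ ]/ { print NR ":one-space-sentence" }
    ' "$1"
}

# Print how many findings of kind $2 the file $1 has.
count_kind() {
    lint_manpage "$1" |
        awk -F: -v k="$2" '$2 == k { n++ } END { print n + 0 }'
}

# Constructed sample; the text lines are quoted from the report and patch.
sample_manpage() {
    printf '%s\n' \
        '.TH security_class_to_string 3' \
        'print_access_vector \- display an access vector in human-readable form. ' \
        '.BI "void print_access_vector(security_class_t " tclass ", access_vector_t " av ");"' \
        'or NULL if the class is invalid.  The returned string must not be modified or freed.' \
        'returns the class value corresponding to the specified ' \
        'does not return a value. All other functions return zero or NULL on error.'
}

# Stand-alone use: sh lint.sh FILE
if [ "$#" -gt 0 ]; then
    lint_manpage "$1"
fi
```

The one-space check also fires on abbreviations that end in a period inside a line, which is where the "\&" marking mentioned in the report applies.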

