Closed cgzones closed 2 months ago
Is there a reason we can't do both this and #289? My inclination is to say that SELinux doesn't want to force either syntax on users, so it would be nice to handle both nesting options with quotes. I haven't tried putting them together, but it looks like both PRs would be compatible with each other.
I like this approach. https://github.com/SELinuxProject/selint/pull/289 was a low effort which would allow parsing "interface''" but it would also parse "
interface" which is not correct. I've closed it.
I'm going to propose using ``"interface"'' in fedora-selinux/selinux-policy as suggested in this PR. It looks better to me.
I'm also working on a sepolgen-ifgen patch which would be based on this idea - https://github.com/bachradsusi/SELinuxProject-selinux/commit/22b908e76f17851dac5f49dd4394068147c0b567
If the syntax here works for you, I think that's fine with me. I don't want selint to be overly particular on matters of parsing - but that applies to what policy is used in practice rather than in theory. This version is certainly nicer from an SELint perspective, and wrapping the m4 quotes outside seems to me to make more sense anyways.
I'll go ahead and merge this. If anyone ever decides they actually want the syntax from #289 in practice, I'm happy to revisit that. From an SELint parser perspective, it's nice to parse too much rather than too little, since parser errors are non-recoverable as SELint exists today.
Required for escaped strings that would otherwise be replaced by m4, e.g. "interface":
Replaces: #289
Note: in contrast to #289 here the syntax is
instead of