Open Lockszmith-GH opened 3 years ago
Another good point, thanks for the suggestion! Unsure about the command name itself at this point (maybe a child of service to not polluate the root command namespace with "debug" commands?). Maybe something around zsysctl service dump-config or else?
For B/ logs are already telling you this, but that doesn’t invalidate the name of the command.
Sorry for not responding sooner, was 'out-of-it' for a while.
I would agree, the service
command block makes much more sense.
I'll be keeping an eye on such an implementation.
Background
In the blog, the default policy is presented. It also linked to github at https://github.com/ubuntu/zsys/blob/master/internal/config/zsys.conf
Scenario A - convenience
While those two are great, when dealing with
zsysctl
in the command line, maybe even in a situation where using copy-paste from the web isn't really an option (an offline machine or a physical console), the ability to havezsysctl
output the policy would be beneficial.Scenario B - troubleshooting
Another case would be to make sure the policy has loaded properly, and that whatever changes you've applied to the
/etc/zsys.conf
file, they have been loaded.The Suggestion / Request
have a command (say:
dump config
) that would take whatever current settings are in memory, and dump them into the standard output. This would allow a command like the one below to quickly generate the zsys.conf file: