List local customizations as json

[marusak]

It would be super useful for Cockpit project if it would be possible to list local customizations as json. We need to read and process local customizations and it is rather difficult to parse output of semanage <type> --list -C. If --json option would exist, that would be awesome.

I would be interested in helping to implement this, but firstly I want to see if it is something that would get accepted.

[bachradsusi]

How do you process or plan to process local SELinux changes?

[marusak]

How do you process or plan to process local SELinux changes?

One is to get some human readable description of what is changed. So instead of showing fcontext -a -f a -t cockpit_ws_exec_t -r 's0' '/usr/libexec/cockpit-wsinstance-factory' we could describe what is being set up in human language.

Other is generating at least some ansible script. With combination of shell (for which semanage export output can be used, of course)

[bachradsusi]

I think the better would be to improve org.selinux dbus interface so that it provides methods consumable for Cockpit. Right now there's org.selinux.customized() which sends string same as semanage export output

It would be better to move this discussion to SELinux mailing list [email protected] where all bugs and patches should be submitted, see https://github.com/SELinuxProject/selinux/blob/master/CONTRIBUTING.md