Reviewed man page (#92)

* Reviewed man page * Update workflow
lhqg · Sep 17, 2024 · c8a1bf1 · c8a1bf1
1 parent 11dfbf5
commit c8a1bf1
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 37 deletions.
diff --git a/.github/workflows/build_all_RPMs.yml b/.github/workflows/build_all_RPMs.yml
@@ -28,9 +28,9 @@ jobs:
         with:
           ref: ${{ github.ref }}
 
-      - name: Get release
+      - name: Get release upload URL
         id: get_release_url
-        uses: bruceadams/get-release@v1.2.3
+        uses: bruceadams/get-release@v1.3.2
         env:
           GITHUB_TOKEN: ${{ github.token }}
 
@@ -40,8 +40,8 @@ jobs:
           version_from_tag=$( echo "${{ github.ref_name }}" | sed -E 's,^v?([0-9]+\.[0-9]+\.[0-9]+).*$,\1,' )
           release_from_tag=$( echo "${{ github.ref_name }}" | sed -E 's,^v?[0-9]+\.[0-9]+\.[0-9]+(-([0-9]+))?.*$,\2,' )
           [ -z "${release_from_tag}" ] && release_from_tag=0
-          echo "::set-output name=version::${version_from_tag}"
-          echo "::set-output name=release::${release_from_tag}"
+          echo "{version}={${version_from_tag}}" >> $GITHUB_OUTPUT
+          echo "{release}={${release_from_tag}}" >> $GITHUB_OUTPUT
   
   build_RPMs:
     name: Build RPMs and upload them to release
@@ -56,4 +56,4 @@ jobs:
       release_upload_url: ${{ needs.get_release_info.outputs.upload_url }}
       provided_version: ${{ needs.get_release_info.outputs.version_number }}
       provided_release: ${{ needs.get_release_info.outputs.release_number }}
-
+
diff --git a/.github/workflows/validate_selinux_compile.yml b/.github/workflows/validate_selinux_compile.yml
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@master
       - uses: lhqg/selinux_compile@almalinux8
 
   compile_el9:
@@ -42,39 +42,39 @@ jobs:
     continue-on-error: true
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@master
       - uses: lhqg/selinux_compile@centos9
 
   compile_fedora37:
     name: Validate SELinux code (Fedora 37)
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@master
       - uses: lhqg/selinux_compile@fedora37
 
   compile_fedora38:
     name: Validate SELinux code (Fedora 38)
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@master
       - uses: lhqg/selinux_compile@fedora38
 
   compile_fedora39:
     name: Validate SELinux code (Fedora 39)
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@master
       - uses: lhqg/selinux_compile@fedora39
 
   compile_fedora40:
     name: Validate SELinux code (Fedora 40)
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@master
       - uses: lhqg/selinux_compile@fedora40
 
   semodule_info:
@@ -92,7 +92,7 @@ jobs:
       semodule_vers: ${{ steps.semodule_chars.outputs.semodule_vers }}
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@master
 
       - name: Get SELinux policy module characteristics
         id: semodule_chars
@@ -111,10 +111,9 @@ jobs:
             module_vers=a[2]
           }
           END {
-            print "::set-output name=semodule_name::"module_name
-            print "::set-output name=semodule_vers::"module_vers
-          }' se_module/${SEMODULE}.te
-
+            print "{semodule_name}={"module_name"}"
+            print "{semodule_vers}={"module_vers"}"
+          }' se_module/${SEMODULE}.te >> $GITHUB_OUTPUT
 
   add_tag:
     name: Add SELinux module version tag on the branch
@@ -125,7 +124,7 @@ jobs:
     if: ( github.event_name == 'push' && ( github.ref_name == 'main' || startsWith(github.ref_name, 'release/') ) )
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@master
 
       - name: Tag the branch with the SELinux module version and draft a pre-release
         uses: actions/create-release@latest
@@ -136,4 +135,4 @@ jobs:
           release_name: Release candidate for v${{ needs.semodule_info.outputs.semodule_vers }}
           draft: true
           prerelease: true
-
+
diff --git a/manpages/man8/springboot_selinux.8 b/manpages/man8/springboot_selinux.8
@@ -153,8 +153,6 @@ Whether to allow users processes running in the \fIsysadm_t\fR SELinux domain to
 .RS 4
 Whether to allow users processes running in the \fIsysadm_t\fR SELinux domain to modify/alter Springboot application authentication/sensitive files.
 .RE
-.PP
-.RE
 
 .SH File Contexts
 .PP
@@ -213,8 +211,6 @@ Application dynamic libraries files. May be deployed/created/rewritten by the Sp
 systemd unit files to control/manage the Springboot application services and targets.
 (Cannot be altered by the Springboot application)
 .RE
-.PP
-.RE
 
 .SH Port Types
 .PP
@@ -227,8 +223,6 @@ TCP port the Springboot application binds to and listens on for client connectio
 .RS 4
 TCP port the Springboot application binds to and listens on for monitoring purposes.
 .RE
-.PP
-.RE
 
 .SH Interfaces
 .PP
@@ -237,46 +231,52 @@ The Springboot SELinux policy is shipped with a set of "interfaces" to easily ex
 To use an given interface a small SELinux policy module source code must be created, compiled and finally loaded.
 .SS "Deployment interfaces"
 .PP
+\fBspringboot_deployer(\fRdeployer\fB)\fR
+.RS 4
+Allows the SELinux domain/type deployer_t derived from passed argument to deploy Springboot application files and to manage (stop/start/enable/disable) Springboot systemd units.
+.RE
 .PP
-\fBspringboot_deployer(\fRdeployer_t\fB)\fR
+\fBspringboot_systemd_unit_instance_deployer(\fRdeployer\fB)\fR
 .RS 4
-Allows the SELinux domain/type deployer_t passed as its argument to deploy Springboot application files and to manage (stop/start/enable/disable) Springboot systemd units.
+Allows the SELinux domain/type deployer_t derived from passed argument to deploy Springboot generic systemd unit files.
+.br
+iIn general, this interface should not be used directly, the following one should be used instead.
 .RE
 .PP
-\fBspringboot_systemd_unit_instance_deployer(\fRdeployer_t\fB)\fR
+\fBspringboot_systemd_unit_instance_deployer(\fRdeployer, MyApp\fB)\fR
 .RS 4
-Allows the SELinux domain/type deployer_t passed as its argument to deploy Springboot systemd unit files.
+Allows the SELinux domain/type deployer_t derived from first argument to deploy Springboot systemd unit files for application \fIMyApp\fR passed as its second argument.
+.br
+The springboot@\fIMyApp\fR.service specific unit files are assigned the correct SELinux context.
 .RE
 .PP
-\fBspringboot_auth_deployer(\fRdeployer_t\fB)\fR
+\fBspringboot_auth_deployer(\fRdeployer\fB)\fR
 .RS 4
-Allows the SELinux domain/type deployer_t passed as its argument to deploy Springboot sensitive configuration files.
+Allows the SELinux domain/type deployer_t derived from passed argument to deploy Springboot sensitive configuration files.
 .RE
 .PP
 .RS 2
 \fBExample:\fR SELinux source code to allow Ansible (ansible_t) to deploy the Springboot application
 .RS 2
 policy_module(springboot_ansible_deployment, 1.0.0)
 .br
-springboot_deployer(ansible_t)
+springboot_deployer(ansible)
 .br
-springboot_auth_deployer(ansible_t)
+springboot_auth_deployer(ansible)
 .RE
 .PP
 .SS "Other interfaces"
-\fBspringboot_monitor(\fRmonitor_t\fB)\R
+\fBspringboot_monitor(\fRmonitor\fB)\R
 .RS 4
-Allows the SELinux domain/type monitor_t passed as its argument to connect (TCP) to the Springboot application's moniroting port.
+Allows the SELinux domain/type monitor_t, derived from passed argument to connect (TCP) to the Springboot application's moniroting port.
 .PP
 .RS 2
 \fBExample:\fR SELinux source code to allow Nagios NRPE to use TCP monitoring of Springboot application
 .RS 2
 policy_module(springboot_nrpe_monitor, 1.0.0)
 .br
-springboot_monitor(nrpe_t)
-.RE
+springboot_monitor(nrpe)
 .RE
-.PP
 
 .SH Author
 .PP