From: James Carter <jwcart2@gmail.com>
To: SElinux list <selinux@vger.kernel.org>
Cc: bauen1 <j2468h@googlemail.com>
Subject: Re: [PATCH 0/4 v2] libsepol/cil: Limit certain error and warning reports
Date: Thu, 24 Feb 2022 16:07:41 -0500 [thread overview]
Message-ID: <CAP+JOzQ4yZo9eRTLHOFCFFnXz2QpeTZA_GXm6QL1GgKajavR6A@mail.gmail.com> (raw)
In-Reply-To: <CAP+JOzSKEY0YgEwHRedmRa4VyKUsLxLqFX44PEQVnn-QkCMhxQ@mail.gmail.com>
On Fri, Feb 18, 2022 at 4:17 PM James Carter <jwcart2@gmail.com> wrote:
>
> I plan on merging this series next week.
This series has been merged.
Jim
> Jim
>
> On Wed, Jan 19, 2022 at 11:35 AM James Carter <jwcart2@gmail.com> wrote:
> >
> > When reporting some errors or warnings, a search is made to find the
> > original or matching rule. Both neverallow and type bounds violations will
> > use cil_find_matching_avrule_in_ast() to find the rules in violation. For
> > context rules, the AST is walked to find the conflicting rule. If there are
> > a lot of errors or warnings, then this can take a lot of time. oss-fuzz has
> > generated policies that can abuse this reporting, so the desire is to limit
> > the reporting by default.
> >
> > By using the new function, cil_get_log_level(), the error reporting for
> > neverallow and type bounds violations and the warnings for context rule
> > conflicts can be less by default while still allowing for everything to
> > be reported at higher log verbosity levels.
> >
> >
> > James Carter (4):
> > libsepol/cil: Add cil_get_log_level() function
> > libsepol/cil: Provide more control over reporting bounds failures
> > libsepol/cil: Limit the neverallow violations reported
> > libsepol/cil: Limit the amount of reporting for context rule conflicts
> >
> > libsepol/cil/src/cil_binary.c | 20 +++++++++---
> > libsepol/cil/src/cil_log.c | 5 +++
> > libsepol/cil/src/cil_log.h | 2 ++
> > libsepol/cil/src/cil_post.c | 57 ++++++++++++++++++++---------------
> > 4 files changed, 56 insertions(+), 28 deletions(-)
> >
> > --
> > 2.31.1
> >
prev parent reply other threads:[~2022-02-24 21:07 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-19 16:35 [PATCH 0/4 v2] libsepol/cil: Limit certain error and warning reports James Carter
2022-01-19 16:35 ` [PATCH 1/4 v2] libsepol/cil: Add cil_get_log_level() function James Carter
2022-01-19 16:35 ` [PATCH 2/4 v2] libsepol/cil: Provide more control over reporting bounds failures James Carter
2022-01-19 16:35 ` [PATCH 3/4 v2] libsepol/cil: Limit the neverallow violations reported James Carter
2022-01-19 16:35 ` [PATCH 4/4 v2] libsepol/cil: Limit the amount of reporting for context rule conflicts James Carter
2022-02-18 21:17 ` [PATCH 0/4 v2] libsepol/cil: Limit certain error and warning reports James Carter
2022-02-24 21:07 ` James Carter [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAP+JOzQ4yZo9eRTLHOFCFFnXz2QpeTZA_GXm6QL1GgKajavR6A@mail.gmail.com \
--to=jwcart2@gmail.com \
--cc=j2468h@googlemail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.