All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output
@ 2015-07-30 15:53 Petr Lautrbach
  2015-07-31 15:20 ` Stephen Smalley
  0 siblings, 1 reply; 2+ messages in thread
From: Petr Lautrbach @ 2015-07-30 15:53 UTC (permalink / raw)
  To: selinux

Constraint rules in output need to be commented in order to make a policy
compilable.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974

Patch-by: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
 policycoreutils/audit2allow/audit2allow | 2 +-
 sepolgen/src/sepolgen/policygen.py      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 62338a0..6bbab40 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -273,7 +273,7 @@ class AuditToPolicy:
             if rc == audit2why.CONSTRAINT:
                 print()  # !!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access.\n"
                 print("#Constraint rule:")
-                print("\n\t" + data[0])
+                print("\n#\t" + data[0])
                 for reason in data[1:]:
                     print("#\tPossible cause is the source %s and target %s are different.\n" % reason)
 
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index 9cacc35..4438a11 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -177,7 +177,7 @@ class PolicyGenerator:
             if av.type == audit2why.CONSTRAINT:
                 rule.comment += "\n#!!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access."
                 rule.comment += "\n#Constraint rule: "
-                rule.comment += "\n\t" + av.data[0]
+                rule.comment += "\n#\t" + av.data[0]
                 for reason in av.data[1:]:
                     rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
 
-- 
2.4.6

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output
  2015-07-30 15:53 [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output Petr Lautrbach
@ 2015-07-31 15:20 ` Stephen Smalley
  0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2015-07-31 15:20 UTC (permalink / raw)
  To: Petr Lautrbach, selinux

On 07/30/2015 11:53 AM, Petr Lautrbach wrote:
> Constraint rules in output need to be commented in order to make a policy
> compilable.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974
> 
> Patch-by: Miroslav Grepl <mgrepl@redhat.com>
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>

Thanks, applied.

> ---
>  policycoreutils/audit2allow/audit2allow | 2 +-
>  sepolgen/src/sepolgen/policygen.py      | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
> index 62338a0..6bbab40 100644
> --- a/policycoreutils/audit2allow/audit2allow
> +++ b/policycoreutils/audit2allow/audit2allow
> @@ -273,7 +273,7 @@ class AuditToPolicy:
>              if rc == audit2why.CONSTRAINT:
>                  print()  # !!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access.\n"
>                  print("#Constraint rule:")
> -                print("\n\t" + data[0])
> +                print("\n#\t" + data[0])
>                  for reason in data[1:]:
>                      print("#\tPossible cause is the source %s and target %s are different.\n" % reason)
>  
> diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
> index 9cacc35..4438a11 100644
> --- a/sepolgen/src/sepolgen/policygen.py
> +++ b/sepolgen/src/sepolgen/policygen.py
> @@ -177,7 +177,7 @@ class PolicyGenerator:
>              if av.type == audit2why.CONSTRAINT:
>                  rule.comment += "\n#!!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access."
>                  rule.comment += "\n#Constraint rule: "
> -                rule.comment += "\n\t" + av.data[0]
> +                rule.comment += "\n#\t" + av.data[0]
>                  for reason in av.data[1:]:
>                      rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
>  
> 

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-07-31 15:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-30 15:53 [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output Petr Lautrbach
2015-07-31 15:20 ` Stephen Smalley

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.