* [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output
@ 2015-07-30 15:53 Petr Lautrbach
2015-07-31 15:20 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Petr Lautrbach @ 2015-07-30 15:53 UTC (permalink / raw)
To: selinux
Constraint rules in output need to be commented in order to make a policy
compilable.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974
Patch-by: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
policycoreutils/audit2allow/audit2allow | 2 +-
sepolgen/src/sepolgen/policygen.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 62338a0..6bbab40 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -273,7 +273,7 @@ class AuditToPolicy:
if rc == audit2why.CONSTRAINT:
print() # !!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
print("#Constraint rule:")
- print("\n\t" + data[0])
+ print("\n#\t" + data[0])
for reason in data[1:]:
print("#\tPossible cause is the source %s and target %s are different.\n" % reason)
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index 9cacc35..4438a11 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -177,7 +177,7 @@ class PolicyGenerator:
if av.type == audit2why.CONSTRAINT:
rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access."
rule.comment += "\n#Constraint rule: "
- rule.comment += "\n\t" + av.data[0]
+ rule.comment += "\n#\t" + av.data[0]
for reason in av.data[1:]:
rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
--
2.4.6
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output
2015-07-30 15:53 [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output Petr Lautrbach
@ 2015-07-31 15:20 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2015-07-31 15:20 UTC (permalink / raw)
To: Petr Lautrbach, selinux
On 07/30/2015 11:53 AM, Petr Lautrbach wrote:
> Constraint rules in output need to be commented in order to make a policy
> compilable.
>
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974
>
> Patch-by: Miroslav Grepl <mgrepl@redhat.com>
> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Thanks, applied.
> ---
> policycoreutils/audit2allow/audit2allow | 2 +-
> sepolgen/src/sepolgen/policygen.py | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
> index 62338a0..6bbab40 100644
> --- a/policycoreutils/audit2allow/audit2allow
> +++ b/policycoreutils/audit2allow/audit2allow
> @@ -273,7 +273,7 @@ class AuditToPolicy:
> if rc == audit2why.CONSTRAINT:
> print() # !!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
> print("#Constraint rule:")
> - print("\n\t" + data[0])
> + print("\n#\t" + data[0])
> for reason in data[1:]:
> print("#\tPossible cause is the source %s and target %s are different.\n" % reason)
>
> diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
> index 9cacc35..4438a11 100644
> --- a/sepolgen/src/sepolgen/policygen.py
> +++ b/sepolgen/src/sepolgen/policygen.py
> @@ -177,7 +177,7 @@ class PolicyGenerator:
> if av.type == audit2why.CONSTRAINT:
> rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access."
> rule.comment += "\n#Constraint rule: "
> - rule.comment += "\n\t" + av.data[0]
> + rule.comment += "\n#\t" + av.data[0]
> for reason in av.data[1:]:
> rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
>
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-07-31 15:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-07-30 15:53 [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output Petr Lautrbach
2015-07-31 15:20 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.