policycoreutils/policycoreutils-sepolgen.patch

diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
index d636091..56919be 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
@@ -259,13 +259,13 @@ class AVCMessage(AuditMessage):
                 raise ValueError("Error during access vector computation")
 
             if self.type == audit2why.CONSTRAINT:
-                self.data = []
+                self.data = [ self.data ]
                 if self.scontext.user != self.tcontext.user:
-                    self.data.append("user")
+                    self.data.append(("user (%s)" % self.scontext.user, 'user (%s)' % self.tcontext.user))
                 if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r":
-                    self.data.append("role")
+                    self.data.append(("role (%s)" % self.scontext.role, 'role (%s)' % self.tcontext.role))
                 if self.scontext.level != self.tcontext.level:
-                    self.data.append("level")
+                    self.data.append(("level (%s)" % self.scontext.level, 'level (%s)' % self.tcontext.level))
 
             avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)
 
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index cc9f8ea..24062a1 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -172,10 +172,10 @@ class PolicyGenerator:
                     rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.data[0][0]
 
             if av.type == audit2why.CONSTRAINT:
-                rule.comment += "#!!!! This avc is a constraint violation.  You will need to add an attribute to either the source or target type to make it work.\n"
-                rule.comment += "#Constraint rule: "
-                for reason in av.data:
-                    rule.comment += "\n#\tPossible cause source context and target context '%s' differ\b" % reason
+                rule.comment += "#!!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access.\n"
+                rule.comment += "#Constraint rule: \n\t" + av.data[0]
+                for reason in av.data[1:]:
+                    rule.comment += "#\tPossible cause is the source %s and target %s are different.\n\b" % reason
 
             try:
                 if ( av.type == audit2why.TERULE and
Add Miroslav Grepl patch to generate html man pages - Update Translations - Add option to sandbox to shred files before deleting 2012-10-25 17:58:08 +00:00			`diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py`
sepolicy manpage: - use nroff instead of man2html - Remove checking for name of person who created the man page - audit2allow - Fix output to show the level that is different. 2013-03-19 20:58:35 +00:00			`index d636091..56919be 100644`
Add Miroslav Grepl patch to generate html man pages - Update Translations - Add option to sandbox to shred files before deleting 2012-10-25 17:58:08 +00:00			`--- a/sepolgen/src/sepolgen/audit.py`
			`+++ b/sepolgen/src/sepolgen/audit.py`
sepolicy manpage: - use nroff instead of man2html - Remove checking for name of person who created the man page - audit2allow - Fix output to show the level that is different. 2013-03-19 20:58:35 +00:00			`@@ -259,13 +259,13 @@ class AVCMessage(AuditMessage):`
Additional changes for bash completsion and generate man page to match the w - Add newtype as a new qualifier to sepolicy generate. This new mechanism wil - a policy write to generate types after the initial policy has been written a - will autogenerate all of the interfaces. - I also added a -w options to allow policy writers from the command line to s - the writable directories of files. - - Modify network.py to include interface definitions for newly created port type - Standardize of te_types just like all of the other templates. 2013-01-21 19:37:48 +00:00			`raise ValueError("Error during access vector computation")`

			`if self.type == audit2why.CONSTRAINT:`
			`- self.data = []`
			`+ self.data = [ self.data ]`
			`if self.scontext.user != self.tcontext.user:`
sepolicy manpage: - use nroff instead of man2html - Remove checking for name of person who created the man page - audit2allow - Fix output to show the level that is different. 2013-03-19 20:58:35 +00:00			`- self.data.append("user")`
			`+ self.data.append(("user (%s)" % self.scontext.user, 'user (%s)' % self.tcontext.user))`
Additional changes for bash completsion and generate man page to match the w - Add newtype as a new qualifier to sepolicy generate. This new mechanism wil - a policy write to generate types after the initial policy has been written a - will autogenerate all of the interfaces. - I also added a -w options to allow policy writers from the command line to s - the writable directories of files. - - Modify network.py to include interface definitions for newly created port type - Standardize of te_types just like all of the other templates. 2013-01-21 19:37:48 +00:00			`if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r":`
sepolicy manpage: - use nroff instead of man2html - Remove checking for name of person who created the man page - audit2allow - Fix output to show the level that is different. 2013-03-19 20:58:35 +00:00			`- self.data.append("role")`
			`+ self.data.append(("role (%s)" % self.scontext.role, 'role (%s)' % self.tcontext.role))`
			`if self.scontext.level != self.tcontext.level:`
			`- self.data.append("level")`
			`+ self.data.append(("level (%s)" % self.scontext.level, 'level (%s)' % self.tcontext.level))`

			`avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)`

			`diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py`
			`index cc9f8ea..24062a1 100644`
			`--- a/sepolgen/src/sepolgen/policygen.py`
			`+++ b/sepolgen/src/sepolgen/policygen.py`
			`@@ -172,10 +172,10 @@ class PolicyGenerator:`
			`rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.data[0][0]`

			`if av.type == audit2why.CONSTRAINT:`
			`- rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"`
			`- rule.comment += "#Constraint rule: "`
			`- for reason in av.data:`
			`- rule.comment += "\n#\tPossible cause source context and target context '%s' differ\b" % reason`
			`+ rule.comment += "#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"`
			`+ rule.comment += "#Constraint rule: \n\t" + av.data[0]`
			`+ for reason in av.data[1:]:`
			`+ rule.comment += "#\tPossible cause is the source %s and target %s are different.\n\b" % reason`

			`try:`
			`if ( av.type == audit2why.TERULE and`