rpms/policycoreutils
7
0
Fork 0
Code Issues Pull Requests Releases Activity
8be0816a98
policycoreutils/policycoreutils-sepolgen.patch
Dan Walsh 8be0816a98 sepolicy manpage: 
-   use nroff instead of man2html
-   Remove checking for name of person who created the man page
- audit2allow
-   Fix output to show the level that is different.
2013-03-19 16:58:35 -04:00

42 lines
2.4 KiB
Diff
Raw Blame History

diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
index d636091..56919be 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
@@ -259,13 +259,13 @@ class AVCMessage(AuditMessage):
raise ValueError("Error during access vector computation")
if self.type == audit2why.CONSTRAINT:
- self.data = []
+ self.data = [ self.data ]
if self.scontext.user != self.tcontext.user:
- self.data.append("user")
+ self.data.append(("user (%s)" % self.scontext.user, 'user (%s)' % self.tcontext.user))
if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r":
- self.data.append("role")
+ self.data.append(("role (%s)" % self.scontext.role, 'role (%s)' % self.tcontext.role))
if self.scontext.level != self.tcontext.level:
- self.data.append("level")
+ self.data.append(("level (%s)" % self.scontext.level, 'level (%s)' % self.tcontext.level))
avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index cc9f8ea..24062a1 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -172,10 +172,10 @@ class PolicyGenerator:
rule.comment += "#!!!! This avc can be allowed using the boolean '%s'\n" % av.data[0][0]
if av.type == audit2why.CONSTRAINT:
- rule.comment += "#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.\n"
- rule.comment += "#Constraint rule: "
- for reason in av.data:
- rule.comment += "\n#\tPossible cause source context and target context '%s' differ\b" % reason
+ rule.comment += "#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
+ rule.comment += "#Constraint rule: \n\t" + av.data[0]
+ for reason in av.data[1:]:
+ rule.comment += "#\tPossible cause is the source %s and target %s are different.\n\b" % reason
try:
if ( av.type == audit2why.TERULE and
Reference in New Issue View Git Blame Copy Permalink