On Thu, 2004-08-12 at 17:47, t l wrote:
> Sorry to make the first mod so complicated.
>
> After looking at the Perl a bit, this is simpler, but
> depends on 'important brace fields' starting with the
> brace character. Is that correct?
I think so (I didn't write this script, and am not a perl expert
either). The script is just trying to extract the list of permissions,
which starts with a { by itself after the avc: denied prefix. With
regard to your original diff, note that audit2allow captures auxiliary
audit information like path and exe for the -v option; the exceptions
for pid, dev, and ino are just to omit that information, as it was
viewed as too ephemeral to likely be useful when reviewing audit2allow
output.
--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
