Thanks.
I figured the script was doing more with some of the fields, and
reordering the code would break something ....
If the 'we only need to consider braces at the start' assumption
is wrong, I think a more complicated regular expression that
just excludes braces after '=' would work too.
tom
------------------------------------------------------------------------
From: Stephen Smalley <sds epoch ncsc mil>
------------------------------------------------------------------------
On Thu, 2004-08-12 at 17:47, t l wrote:
> Sorry to make the first mod so complicated.
> After looking at the Perl a bit, this is simpler, but
> depends on 'important brace fields' starting with the
> brace character. Is that correct?

I think so (I didn't write this script, and am not a perl expert
either). The script is just trying to extract the list of permissions,
which starts with a { by itself after the avc: denied prefix. With
regard to your original diff, note that audit2allow captures auxiliary
audit information like path and exe for the -v option; the exceptions
for pid, dev, and ino are just to omit that information, as it was
viewed as too ephemeral to likely be useful when reviewing audit2allow
output.
--
Stephen Smalley <sds epoch ncsc mil>
National Security Agency
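
The parsing discussed in this thread, as an added example that is not part of the original messages and is not audit2allow's own code (the script under discussion is Perl; this sketch uses Python). It takes the permission list only from the brace group that follows the "avc: denied" prefix, so a brace inside a key=value field is left alone, and it keeps path and exe while omitting pid, dev and ino. The sample lines, the function names and the simplified field grammar (no quoted values containing spaces) are assumptions.

```python
import re

# Constructed sample lines in the AVC message layout (not real logs).
SAMPLE_LOG = """\
audit(1092347220.123:0): avc:  denied  { read write } for  pid=1234 exe=/usr/sbin/httpd path=/var/www/{tmp}/a.html dev=hda2 ino=4711 scontext=system_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t tclass=file
audit(1092347221.456:0): avc:  denied  { getattr } for  pid=1250 exe=/bin/ls path=/home/tom dev=hda2 ino=99 scontext=user_u:user_r:user_t tcontext=system_u:object_r:shadow_t tclass=dir
kernel: unrelated message with { braces } in it
"""

# The permission list is the brace group standing alone right after the prefix.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")      # key=value; values may contain braces
EPHEMERAL = {"pid", "dev", "ino"}          # omitted, as described in the thread
RULE_KEYS = ("scontext", "tcontext", "tclass")


def parse_avc(line):
    """Return perms, rule fields and auxiliary fields, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    if any(k not in fields for k in RULE_KEYS):
        return None                        # incomplete record, nothing to build
    aux = {k: v for k, v in fields.items()
           if k not in EPHEMERAL and k not in RULE_KEYS}
    rec = {"perms": m.group(1).split(), "aux": aux}
    rec.update((k, fields[k]) for k in RULE_KEYS)
    return rec


def allow_rule(rec):
    """Build an allow rule from the type part of user:role:type contexts."""
    stype = rec["scontext"].split(":")[2]
    ttype = rec["tcontext"].split(":")[2]
    return "allow %s %s:%s { %s };" % (
        stype, ttype, rec["tclass"], " ".join(rec["perms"]))


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        rec = parse_avc(line)
        if rec:
            print(allow_rule(rec), "#", rec["aux"])
```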