Re: selinux prelink avc's (broken paths in policy?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Christopher Ashworth wrote:
On Wed, 2006-05-24 at 15:22 +0100, Paul Howarth wrote:

Is the sorting algorithm documented somewhere (the wiki?)?

The sorting algorithm is based on the following heuristics, applied in
this order:

When comparing two file contexts A and B...

- if A is a regular expression and B is not, A is less specific than B
- if A's stem length (the number of characters before the first regular
expression wildcard) is shorter than B's stem length, A is less specific
than B
- if A's string length (the entire length of the file context string) is
shorter than B's string length, A is less specific than B
- if A does not have a specified type and B does, A is less specific
than B.
- else, they are considered equally specific.

These are the same heuristics applied to file contexts when building
reference policy.
The sort is implemented as a stable iterative mergesort.

Thanks - I added this to the wiki:
http://fedoraproject.org/wiki/SELinux/ManagingFileContext

I suspect that Dan is currently writing a new page:
http://fedoraproject.org/wiki/SELinux/FileContext

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux