On Tue, 5 Sep 2006 17:35:24 -0700 (PDT)
Steve G wrote:
> >There is no log saying "avc granted load_policy",
> >instead, there is audit log "audit(1157498697.581:88): policy loaded
> >auid=4294967295 ".
> Yes this is correct. This is the new way as of kernel 2.6.17. There was some
> overlap where an audit was in the policy and the kernel, but we only need one
> message. The audit2allow program should be updated to recognize the above as a
> load policy event.
I see, so avc.py should be fixed.
I wrote simple patch.
Yuichi Nakamura
--- avc.py.orig 2006-09-06 08:34:03.000000000 +0900
+++ avc.py 2006-09-06 10:06:26.000000000 +0900
@@ -354,6 +354,15 @@
found = 1
else:
dict.append(i)
+
+ if not found:
+ regexp = "audit\(\d+\.\d+:\d+\): policy loaded"
+ m = re.match(regexp, line)
+ if m !=None:
+ found =1
+ dict.append("load_policy")
+ dict.append("granted")
+
if found:
self.translate(dict)
found = 0
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
