-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch returns extra data about what is different between the source and target context when a constraint violation happens. This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJuv+4ACgkQrlYvE4MpobOFrACg3Ng2xsKL6RFHNBIDGUoJ48yx Mt8AnidAzeE6+d4PKUQTnLeDq3hgmsZo =TKPZ -----END PGP SIGNATURE-----
>From 931209dda886716c5bcc6a56d13f764b77e8c81d Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Mon, 28 Oct 2013 10:13:07 -0400
Subject: [PATCH 06/17] Return the sections of the source and target context that differ

Help the administrator/policy developer to see what parts of the label are different. For example if you get a constraint violation and the role of the source and target differ, audit2allow will suggest this might be the problem.

---
sepolgen/src/sepolgen/audit.py | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
index d636091..56919be 100644
--- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py
@@ -259,13 +259,13 @@ class AVCMessage(AuditMessage):
 raise ValueError("Error during access vector computation")
 if self.type == audit2why.CONSTRAINT:
- self.data = []
+ self.data = [ self.data ]
 if self.scontext.user != self.tcontext.user:
- self.data.append("user")
+ self.data.append(("user (%s)" % self.scontext.user, 'user (%s)' % self.tcontext.user))
 if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r":
- self.data.append("role")
+ self.data.append(("role (%s)" % self.scontext.role, 'role (%s)' % self.tcontext.role))
 if self.scontext.level != self.tcontext.level:
- self.data.append("level")
+ self.data.append(("level (%s)" % self.scontext.level, 'level (%s)' % self.tcontext.level))
 avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)
-- 
1.8.3.1
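Review bot: The new `self.data = [ self.data ]` silently changes the shape of `data` for CONSTRAINT messages — element 0 is now whatever `self.data` held before this branch and every later element is a `(source, target)` tuple, whereas the old list held only the strings `"user"`, `"role"`, `"level"` — so any consumer that iterates `data` expecting those strings (the audit2allow output path is not in this hunk) will misbehave unless it is updated in the same series; presumably a later patch in this 17-patch set does that, but it should be confirmed before merge. A comment above the assignment would spare the next reader that archaeology, e.g. `# data[0]: the value computed above; data[1:]: (source, target) pairs for each context field that differs`. The quoting inside each appended tuple is also inconsistent (`"user (%s)"` for the source, `'user (%s)'` for the target) and `[ self.data ]` carries stray inner spaces; use double quotes throughout and `[self.data]`. The enclosing method starts and ends outside the hunk.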