This patch puts out the constraint information with audit2allow output. This patch looks good to me. acked.
>From d7efaa4e995f2cc352a063de2f87925445550274 Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@xxxxxxxxxx> Date: Mon, 28 Oct 2013 10:35:10 -0400 Subject: [PATCH 08/17] Have audit2allow output additional constraint information --- policycoreutils/audit2allow/audit2allow | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow index 01bb92a..c9713a2 100644 --- a/policycoreutils/audit2allow/audit2allow +++ b/policycoreutils/audit2allow/audit2allow @@ -269,12 +269,11 @@ class AuditToPolicy: continue if rc == audit2why.CONSTRAINT: - print "\t\tPolicy constraint violation.\n" - print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n" - print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n" - for reason in data: - print "\t\tNote: Possible cause is the source and target %s differ\n" % reason - continue + print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n" + print "#Constraint rule:" + print "\n\t" + data[0] + for reason in data[1:]: + print "#\tPossible cause is the source %s and target %s are different.\n" % reason if rc == audit2why.RBAC: print "\t\tMissing role allow rule.\n" -- 1.8.3.1
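Review bot: the first added print in the audit2why.CONSTRAINT branch has no opening double quote (print #!!!! This avc is a constraint violation. ...), so everything after print is parsed as a comment and the statement emits an empty line instead of the warning; add the quote before #!!!!. In the loop over data[1:], the format string now has two %s placeholders applied to reason, where the removed line used a single %s, so each entry must be a two-item tuple or the formatting fails; please confirm what audit2why returns here. data[0] is also indexed without checking that data is non-empty. Finally, the continue that ended this branch is removed, so control now falls through to the audit2why.RBAC check below; if that is intended, say so in the commit message, otherwise restore it.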