-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This patch allows sepolgen to also display the constraint information.
This patch looks good to me. acked.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlJuwJUACgkQrlYvE4MpobMrsACfbtdHjC53/DrMF1itoktLp+Tx
5WsAnR7fu93pNYhnIBJRUkfHid+yw/tZ
=/iGt
-----END PGP SIGNATURE-----
>From 5c74c659e4c7da6227cd884c5d5593e9d8598e60 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Mon, 28 Oct 2013 10:35:57 -0400
Subject: [PATCH 09/17] Have sepolgen return additional constraint information
---
sepolgen/src/sepolgen/policygen.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index 5912511..5f38577 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -174,7 +174,8 @@ class PolicyGenerator:
if av.type == audit2why.CONSTRAINT:
rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access."
rule.comment += "\n#Constraint rule: "
- for reason in av.data:
+ rule.comment += "\n\t" + av.data[0]
+ for reason in av.data[1:]:
rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
try:
--
1.8.3.1
