Constraint rules in output need to be commented in order to make a policy compilable.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974
Patch-by: Miroslav Grepl <mgrepl@xxxxxxxxxx>
Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx>
---
 policycoreutils/audit2allow/audit2allow | 2 +-
 sepolgen/src/sepolgen/policygen.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 62338a0..6bbab40 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -273,7 +273,7 @@ class AuditToPolicy:
 if rc == audit2why.CONSTRAINT:
 print() # !!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
 print("#Constraint rule:")
- print("\n\t" + data[0])
+ print("\n#\t" + data[0])
 for reason in data[1:]:
 print("#\tPossible cause is the source %s and target %s are different.\n" % reason)
diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
index 9cacc35..4438a11 100644
--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@@ -177,7 +177,7 @@ class PolicyGenerator:
 if av.type == audit2why.CONSTRAINT:
 rule.comment += "\n#!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access."
 rule.comment += "\n#Constraint rule: "
- rule.comment += "\n\t" + av.data[0]
+ rule.comment += "\n#\t" + av.data[0]
 for reason in av.data[1:]:
 rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
--
2.4.6
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
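Review bot: The added `#` only comments the first line of the constraint text, so if `data[0]` can ever contain an embedded newline, the continuation lines would still reach the policy compiler as uncommented statements. This applies to `print("\n#\t" + data[0])` in audit2allow and equally to the `rule.comment` line in the policygen.py hunk. As the commit's goal is compilable output, prefixing every line is the safer form, e.g. `print("\n#\t" + data[0].replace("\n", "\n#\t"))` and `rule.comment += "\n#\t" + av.data[0].replace("\n", "\n#\t")`. Separately, the context line `print() # !!!! This avc is a constraint violation. ...` in audit2allow emits only an empty line because the warning text sits in a code comment, so the operator is never told the denial is a constraint violation; it looks like it was meant to be a `print("#!!!! ...")` call, as in policygen.py. Both enclosing methods start and end outside the hunks.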