Re: [PATCH] policycoreutils: Comment constraint rules in audit2allow and sepolgen output

Stephen Smalley <sds@xxxxxxxxxxxxx> · Fri, 31 Jul 2015 11:20:11 -0400

On 07/30/2015 11:53 AM, Petr Lautrbach wrote:
> Constraint rules in output need to be commented in order to make a policy
> compilable.
> 
> Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974
> 
> Patch-by: Miroslav Grepl <mgrepl@xxxxxxxxxx>
> Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx>

Thanks, applied.

> ---
>  policycoreutils/audit2allow/audit2allow | 2 +-
>  sepolgen/src/sepolgen/policygen.py      | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
> index 62338a0..6bbab40 100644
> --- a/policycoreutils/audit2allow/audit2allow
> +++ b/policycoreutils/audit2allow/audit2allow
> @@ -273,7 +273,7 @@ class AuditToPolicy:
>              if rc == audit2why.CONSTRAINT:
>                  print()  # !!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access.\n"
>                  print("#Constraint rule:")
> -                print("\n\t" + data[0])
> +                print("\n#\t" + data[0])
>                  for reason in data[1:]:
>                      print("#\tPossible cause is the source %s and target %s are different.\n" % reason)
>  
> diff --git a/sepolgen/src/sepolgen/policygen.py b/sepolgen/src/sepolgen/policygen.py
> index 9cacc35..4438a11 100644
> --- a/sepolgen/src/sepolgen/policygen.py
> +++ b/sepolgen/src/sepolgen/policygen.py
> @@ -177,7 +177,7 @@ class PolicyGenerator:
>              if av.type == audit2why.CONSTRAINT:
>                  rule.comment += "\n#!!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access."
>                  rule.comment += "\n#Constraint rule: "
> -                rule.comment += "\n\t" + av.data[0]
> +                rule.comment += "\n#\t" + av.data[0]
>                  for reason in av.data[1:]:
>                      rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason
>  
> 

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.