For modify action actually audit the selinux type, i.e. use setype
variable.
For deleting equal fcontext rules do not audit ftype, as the ftype value
for equal rules makes little sense.
Signed-off-by: Miroslav Vadkerti <mvadkert@xxxxxxxxxx>
---
policycoreutils/semanage/seobject.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 786ed0e..8d3088c 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -1992,7 +1992,7 @@ class fcontextRecords(semanageRecords):
if not seuser:
seuser = "system_u"
- self.mylog.log_change("resrc=fcontext op=modify %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype], seuser, "object_r", type, serange))
+ self.mylog.log_change("resrc=fcontext op=modify %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype], seuser, "object_r", setype, serange))
def modify(self, target, setype, ftype, serange, seuser):
self.begin()
@@ -2030,7 +2030,7 @@ class fcontextRecords(semanageRecords):
self.equiv.pop(target)
self.equal_ind = True
- self.mylog.log_change("resrc=fcontext op=delete-equal %s ftype=%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype]))
+ self.mylog.log_change("resrc=fcontext op=delete-equal %s" % (audit.audit_encode_nv_string("tglob", target, 0)))
return
--
1.8.3.1
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
