In case serange is empty, but the record is beeing modified
(setype was supplied), use default "s0" range. With the original
code the audit event would be printed with no range (i.e.
"system_u:object_r:ssh_port_t:")
Note that default "s0" is currently used in other places
of seobject.py.
Signed-off-by: Miroslav Vadkerti <mvadkert@xxxxxxxxxx>
---
policycoreutils/semanage/seobject.py | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index 538ff0a..a6681f0 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -1161,8 +1161,11 @@ class portRecords(semanageRecords):
con = semanage_port_get_con(p)
- if (is_mls_enabled == 1) and (serange != ""):
- semanage_context_set_mls(self.sh, con, untranslate(serange))
+ if is_mls_enabled == 1:
+ if serange == "":
+ serange = "s0"
+ else:
+ semanage_context_set_mls(self.sh, con, untranslate(serange))
if setype != "":
semanage_context_set_type(self.sh, con, setype)
--
1.8.3.1
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
