On 08/15/2016 10:44 AM, Miroslav Vadkerti wrote: > In case serange is empty, but the record is beeing modified > (setype was supplied), use default "s0" range. With the original > code the audit event would be printed with no range (i.e. > "system_u:object_r:ssh_port_t:") > > Note that default "s0" is currently used in other places > of seobject.py. > Note-to-self: when we deal with refpolicy specific identifiers like system_u remember to also deal with these. Since these are essentially also refpolicy specific identifiers. > Signed-off-by: Miroslav Vadkerti <mvadkert@xxxxxxxxxx> > --- > policycoreutils/semanage/seobject.py | 7 +++++-- > 1 file changed, 5 insertions(+), 2 deletions(-) > > diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py > index 538ff0a..a6681f0 100644 > --- a/policycoreutils/semanage/seobject.py > +++ b/policycoreutils/semanage/seobject.py > @@ -1161,8 +1161,11 @@ class portRecords(semanageRecords): > > con = semanage_port_get_con(p) > > - if (is_mls_enabled == 1) and (serange != ""): > - semanage_context_set_mls(self.sh, con, untranslate(serange)) > + if is_mls_enabled == 1: > + if serange == "": > + serange = "s0" > + else: > + semanage_context_set_mls(self.sh, con, untranslate(serange)) > if setype != "": > semanage_context_set_type(self.sh, con, setype) > > -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
