selinux August 2007 archive

Re: [PATCH] Suppress rule generation for dontaudit rules

From: Karl MacMillan <kmacmillan_at_nospam>
Date: Fri Aug 24 2007 - 16:00:10 GMT
To: Stephen Smalley <sds@tycho.nsa.gov>


On Thu, 2007-08-23 at 09:22 -0400, Stephen Smalley wrote:
> On Thu, 2007-08-16 at 15:23 -0400, Joshua Brindle wrote:
> > Stephen Smalley wrote:
> > > On Wed, 2007-08-15 at 10:15 -0400, Karl MacMillan wrote:
> > >
> > >> The current policy generation code incorrectly generates allow rules for dontaudit messages. This patch fixes that.
> > >>

[...]
> >
> > Merged into 1.0.9
>
> Reverted. Didn't work.
>

That's because it was wildly wrong - I thought I tested that, but I guess not. Correct patch below:

diff -r e962f4f773fc sepolgen/src/sepolgen/audit.py --- a/sepolgen/src/sepolgen/audit.py Wed Aug 22 15:55:24 2007 -0400 +++ b/sepolgen/src/sepolgen/audit.py Thu Aug 23 15:11:09 2007 -0400 @@ -421,6 +421,8 @@ class AuditParser: """ av_set = access.AccessVectorSet() for avc in self.avc_msgs: + if avc.denial == True: + continue if avc_filter: if avc_filter.filter(avc): av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
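
Review bot: The added `if avc.denial == True: continue` at the top of the `for avc in self.avc_msgs:` loop skips every message whose `denial` field is true, which by the field's name reads as dropping denials rather than the dontaudit messages named in the subject. If `denial` is true for ordinary denied accesses, `av_set` would lose exactly the entries that allow rules are generated from, so please confirm the field's meaning and whether the test should be inverted, and add a one-line comment saying which messages the check is meant to drop. The check also runs before the `if avc_filter:` branch, so it applies to filtered and unfiltered callers alike; say so in the docstring if that is intended. As a style point, `if avc.denial:` (or `if not avc.denial:`) is preferable to comparing against `== True`. Since the earlier version of this change was reverted, a small test that feeds the parser one message of each kind and checks the resulting `av_set` would be worth including with the patch.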

Signed-off-by: Karl MacMillan <kmacmillan@mentalrootkit.com>