RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Have audit2allow output additional constraint information

This commit is contained in:
Dan Walsh 2013-10-28 10:35:10 -04:00 committed by Stephen Smalley
parent 579236d30a
commit 3ddff86b8f
1 changed files with 5 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
policycoreutils/audit2allow/audit2allow
View File

@ -269,12 +269,11 @@ class AuditToPolicy:
continue
if rc == audit2why.CONSTRAINT:
print "\t\tPolicy constraint violation.\n"
print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n"
print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n"
for reason in data:
print "\t\tNote: Possible cause is the source and target %s differ\n" % reason
continue
print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
print "#Constraint rule:"
print "\n\t" + data[0]
for reason in data[1:]:
print "#\tPossible cause is the source %s and target %s are different.\n" % reason
if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n"