From 4a674abd341bf6847d5f245d57b42f4fd0786123 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Mon, 28 Oct 2013 10:13:07 -0400 Subject: [PATCH] Return the sections of the source and target context that differ Help the administrator/policy developer to see what parts of the label are different. For example if you get a constraint violation and the role of the source and target differ, audit2allow will suggest this might be the problem. --- sepolgen/src/sepolgen/audit.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py index d636091e..56919be7 100644 --- a/sepolgen/src/sepolgen/audit.py +++ b/sepolgen/src/sepolgen/audit.py @@ -259,13 +259,13 @@ class AVCMessage(AuditMessage): raise ValueError("Error during access vector computation") if self.type == audit2why.CONSTRAINT: - self.data = [] + self.data = [ self.data ] if self.scontext.user != self.tcontext.user: - self.data.append("user") + self.data.append(("user (%s)" % self.scontext.user, 'user (%s)' % self.tcontext.user)) if self.scontext.role != self.tcontext.role and self.tcontext.role != "object_r": - self.data.append("role") + self.data.append(("role (%s)" % self.scontext.role, 'role (%s)' % self.tcontext.role)) if self.scontext.level != self.tcontext.level: - self.data.append("level") + self.data.append(("level (%s)" % self.scontext.level, 'level (%s)' % self.tcontext.level)) avcdict[(scontext, tcontext, self.tclass, access_tuple)] = (self.type, self.data)