diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/audit2why.1 policycoreutils-1.23.9/audit2why/audit2why.1
--- nsapolicycoreutils/audit2why/audit2why.1 1969-12-31 19:00:00.000000000 -0500
+++ policycoreutils-1.23.9/audit2why/audit2why.1 2005-05-16 17:24:58.000000000 -0400
@@ -0,0 +1,62 @@
+.\" Hey, Emacs! This is an -*- nroff -*- source file.
+.\" Copyright (c) 2005 Dan Walsh
+.\"
+.\" This is free documentation; you can redistribute it and/or
+.\" modify it under the terms of the GNU General Public License as
+.\" published by the Free Software Foundation; either version 2 of
+.\" the License, or (at your option) any later version.
+.\"
+.\" The GNU General Public License's references to "object code"
+.\" and "executables" are to be interpreted as the output of any
+.\" document formatting or typesetting system, including
+.\" intermediate and printed output.
+.\"
+.\" This manual is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public
+.\" License along with this manual; if not, write to the Free
+.\" Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139,
+.\" USA.
+.\"
+.\"
+.TH AUDIT2ALLOW "1" "May 2005" "Security Enhanced Linux" NSA
+.SH NAME
+audit2why \- Translates auditmessages into a description of why the access was denied
+.SH SYNOPSIS
+.B audit2why
+.RI [ options "] "
+.SH OPTIONS
+.TP
+
+.B "\-\-help"
+Print a short usage message
+.TP
+.B "\-p "
+Specify an alternate policy file.
+.SH DESCRIPTION
+.PP
+This utility scans stdin (logfiles) for messages logged when the
+system denied permission for operations, and generates a reason why the
+access was denied
+.PP
+.SH EXAMPLE
+$ /usr/sbin/audit2why < /var/log/audit/audit.log
+
+type=KERNEL msg=audit(1115316525.803:399552): avc: denied { getattr } for path=/home/sds dev=hda5 ino=1175041 scontext=root:secadm_r:secadm_t:s0-s9:c0.c127 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
+ Was caused by:
+ Missing TE allow rule for the type pair (use audit2allow).
+
+type=KERNEL msg=audit(1115320071.648:606858): avc: denied { append } for name=.bash_history dev=hda5 ino=1175047 scontext=user_u:user_r:user_t:s1-s9:c0.c127 tcontext=user_u:object_r:user_home_t:s0 tclass=file
+ Was caused by:
+ Constraint violation (add type attribute to domain to satisfy constraints or alter constraint).
+
+
+.PP
+.SH AUTHOR
+This manual page was written by
+.I Dan Walsh ,
+.B audit2why
+utility was written by Stephen Smalley .
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/audit2why/Makefile policycoreutils-1.23.9/audit2why/Makefile
--- nsapolicycoreutils/audit2why/Makefile 2005-05-16 15:40:11.000000000 -0400
+++ policycoreutils-1.23.9/audit2why/Makefile 2005-05-16 17:26:05.000000000 -0400
@@ -1,6 +1,6 @@
 # Installation directories.
 PREFIX ?= ${DESTDIR}/usr
-BINDIR ?= $(PREFIX)/sbin
+BINDIR ?= $(PREFIX)/bin
 LIBDIR ?= ${PREFIX}/lib
 MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
@@ -8,7 +8,7 @@
 CFLAGS = -Werror
 override CFLAGS += -Wall -W
-LDLIBS += ${LIBDIR}/libsepol.a -lselinux
+LDLIBS += -lsepol -lselinux
 TARGETS=audit2why
@@ -17,6 +17,8 @@
 install: all
 -mkdir -p $(BINDIR)
 install -m 755 $(TARGETS) $(BINDIR)
+ -mkdir -p $(MANDIR)/man1
+ install -m 644 audit2why.1 $(MANDIR)/man1/
 clean:
 rm -f $(TARGETS) *.o
diff --exclude-from=exclude -N -u -r nsapolicycoreutils/scripts/fixfiles policycoreutils-1.23.9/scripts/fixfiles
--- nsapolicycoreutils/scripts/fixfiles 2005-04-29 14:11:23.000000000 -0400
+++ policycoreutils-1.23.9/scripts/fixfiles 2005-05-16 17:24:58.000000000 -0400
@@ -164,7 +164,7 @@
 fi
 # See how we were called.
-while getopts "C:Fo:R:l:" i; do
+while getopts "C:Ffo:R:l:" i; do
 case "$i" in f) fullFlag=1
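Review bot: The first audit2why/Makefile hunk sets `BINDIR ?= $(PREFIX)/bin`, but the EXAMPLE section of the audit2why.1 page added by this same patch still invokes `/usr/sbin/audit2why`. After this change that path no longer matches where `make install` puts the binary. If /usr/bin is the intended location, the example line should read `$ /usr/bin/audit2why < /var/log/audit/audit.log`. A one-line comment above BINDIR saying why the tool moved out of sbin would also help packagers who override these variables.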
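Review bot: In the second audit2why/Makefile hunk, `LDLIBS += -lsepol -lselinux` leaves the choice of libsepol to the linker's default search path, where the removed line pinned the static archive under `${LIBDIR}`. A staged build (DESTDIR or PREFIX set) will therefore link against whatever libsepol the build host has installed rather than the one in the staging tree. If the static link was deliberate, which this diff does not show, the tool may also need symbols the shared library does not export. I would record the assumption next to the line, e.g. `# libsepol is linked dynamically; needs a libsepol.so exporting every symbol audit2why uses`, and consider adding `-L$(LIBDIR)` so staged builds resolve the intended library.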
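Review bot: In the install hunk of audit2why/Makefile, the added `-mkdir -p $(MANDIR)/man1` discards a failed mkdir, so a permission or path problem only shows up as a less specific error from the `install -m 644` line that follows. `mkdir -p` already succeeds when the directory exists, so the `-` prefix hides nothing but real failures. I would write `install -d -m 755 $(MANDIR)/man1`, which also fixes the directory mode instead of leaving it to the installer's umask. The `-mkdir -p $(BINDIR)` context line above has the same pattern and could be changed with it.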