Audit2allow/audit2why patch for policycoreutils.

Audit2allow/audit2why patch for policycoreutils.

[Daniel J Walsh]

[-- Attachment #1: Type: text/plain, Size: 341 bytes --]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reveals dontaudit rules in policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkff30kACgkQrlYvE4MpobP0IgCfTxNojL6yGB6t26Nl+aERmQc4
pJUAoNlJHmee/Q++U18HG2ty5UcECkte
=qpCx
-----END PGP SIGNATURE-----

[-- Attachment #2: audit2why.patch --]
[-- Type: text/plain, Size: 1046 bytes --]

--- nsapolicycoreutils/audit2allow/audit2allow	2008-01-28 16:52:25.000000000 -0500
+++ policycoreutils-2.0.44/audit2allow/audit2allow	2008-03-18 11:22:52.000000000 -0400
@@ -247,6 +247,11 @@
                     print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
                     print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
                     continue
+                if rc == audit2why.DONTAUDIT:
+                    print "\t\tUnknown - should be dontaudit'd by active policy\n",
+                    print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
+                    print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
+                    continue
                 if rc == audit2why.BOOLEAN:
                     if len(bools) > 1:
                         print "\tOne of the following booleans was set incorrectly."

[-- Attachment #3: audit2why.patch.sig --]
[-- Type: application/octet-stream, Size: 72 bytes --]

Re: Audit2allow/audit2why patch for policycoreutils.

[Stephen Smalley]

On Tue, 2008-03-18 at 11:27 -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Reveals dontaudit rules in policy.

Thanks, merged.

It would help if we could make the output more user-friendly, e.g.
giving the user more help on how to resolve or further investigate such
cases, although that is difficult in this situation where we have a
mismatch.

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iEYEARECAAYFAkff30kACgkQrlYvE4MpobP0IgCfTxNojL6yGB6t26Nl+aERmQc4
> pJUAoNlJHmee/Q++U18HG2ty5UcECkte
> =qpCx
> -----END PGP SIGNATURE-----
> plain text document attachment (audit2why.patch)
> --- nsapolicycoreutils/audit2allow/audit2allow	2008-01-28 16:52:25.000000000 -0500
> +++ policycoreutils-2.0.44/audit2allow/audit2allow	2008-03-18 11:22:52.000000000 -0400
> @@ -247,6 +247,11 @@
>                      print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
>                      print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
>                      continue
> +                if rc == audit2why.DONTAUDIT:
> +                    print "\t\tUnknown - should be dontaudit'd by active policy\n",
> +                    print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
> +                    print "\t\tPossible mismatch between current in-memory boolean settings vs. permanent ones.\n"
> +                    continue
>                  if rc == audit2why.BOOLEAN:
>                      if len(bools) > 1:
>                          print "\tOne of the following booleans was set incorrectly."
-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.