* audit2allow patch
@ 2008-01-23 22:22 Daniel J Walsh
2008-01-24 18:37 ` Stephen Smalley
0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2008-01-23 22:22 UTC (permalink / raw)
To: Stephen Smalley, SE Linux
[-- Attachment #1: Type: text/plain, Size: 409 bytes --]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fan through pychecker and cleaned up some bugs.
Also added booleans description from policy.xml file
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeXvjMACgkQrlYvE4MpobOsgwCfbTTJxThRmfUw5LHQGhsG99vj
rtwAoMTo1ms2h6dOQXmrtLpHrwB1Ec5Z
=mNcO
-----END PGP SIGNATURE-----
[-- Attachment #2: audit2allow.patch --]
[-- Type: text/plain, Size: 4503 bytes --]
--- nsapolicycoreutils/audit2allow/audit2allow 2008-01-23 16:47:07.000000000 -0500
+++ policycoreutils-2.0.37/audit2allow/audit2allow 2008-01-23 17:15:21.000000000 -0500
@@ -19,7 +19,6 @@
#
import sys
-import tempfile
import sepolgen.audit as audit
import sepolgen.policygen as policygen
@@ -153,9 +152,9 @@
def __process_input(self):
if self.__options.type:
- filter = audit.TypeFilter(self.__options.type)
- self.__avs = self.__parser.to_access(filter)
- self.__selinux_errs = self.__parser.to_role(filter)
+ avcfilter = audit.TypeFilter(self.__options.type)
+ self.__avs = self.__parser.to_access(avcfilter)
+ self.__selinux_errs = self.__parser.to_role(avcfilter)
else:
self.__avs = self.__parser.to_access()
self.__selinux_errs = self.__parser.to_role()
@@ -221,13 +220,14 @@
def __output_audit2why(self):
import selinux
import selinux.audit2why as audit2why
+ import seobject
audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
for i in self.__parser.avc_msgs:
rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
if rc >= 0:
print "%s\n\tWas caused by:" % i.message
if rc == audit2why.NOPOLICY:
- raise "Must call policy_init first"
+ raise RuntimeError("Must call policy_init first")
if rc == audit2why.BADTCON:
print "Invalid Target Context %s\n" % i.tcontext
continue
@@ -241,7 +241,7 @@
print "Invalid permission %s\n" % i.accesses
continue
if rc == audit2why. BADCOMPUTE:
- raise "Error during access vector computation"
+ raise RuntimeError("Error during access vector computation")
if rc == audit2why.ALLOW:
print "\t\tUnknown - would be allowed by active policy\n",
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
@@ -251,12 +251,14 @@
if len(bools) > 1:
print "\tOne of the following booleans was set incorrectly."
for b in bools:
- print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
- print "\t# setsebool -P %s %d" % (b[0], b[1])
+ print "\n\tBoolean %s is %d." % (b[0], not b[1])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
else:
- print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0]
- print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1])
-
+ print "\tThe boolean %s set incorrectly. " % (bools[0][0])
+ print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
continue
if rc == audit2why.TERULE:
--- nsapolicycoreutils/semanage/seobject.py 2007-12-10 21:42:27.000000000 -0500
+++ policycoreutils-2.0.37/semanage/seobject.py 2008-01-23 17:13:45.000000000 -0500
@@ -117,6 +117,12 @@
#print _("Failed to translate booleans.\n%s") % e
pass
+def boolean_desc(boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][2])
+ else:
+ return boolean
+
def validate_level(raw):
sensitivity = "s[0-9]*"
category = "c[0-9]*"
@@ -1456,10 +1462,7 @@
return ddict
def get_desc(self, boolean):
- if boolean in booleans_dict:
- return _(booleans_dict[boolean][2])
- else:
- return boolean
+ return boolean_desc(boolean)
def get_category(self, boolean):
if boolean in booleans_dict:
[-- Attachment #3: audit2allow.patch.sig --]
[-- Type: application/octet-stream, Size: 72 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: audit2allow patch
2008-01-23 22:22 Daniel J Walsh
@ 2008-01-24 18:37 ` Stephen Smalley
2008-01-24 18:56 ` Stephen Smalley
0 siblings, 1 reply; 6+ messages in thread
From: Stephen Smalley @ 2008-01-24 18:37 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SE Linux
On Wed, 2008-01-23 at 17:22 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Fan through pychecker and cleaned up some bugs.
>
> Also added booleans description from policy.xml file
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkeXvjMACgkQrlYvE4MpobOsgwCfbTTJxThRmfUw5LHQGhsG99vj
> rtwAoMTo1ms2h6dOQXmrtLpHrwB1Ec5Z
> =mNcO
> -----END PGP SIGNATURE-----
> plain text document attachment (audit2allow.patch)
> --- nsapolicycoreutils/audit2allow/audit2allow 2008-01-23 16:47:07.000000000 -0500
> +++ policycoreutils-2.0.37/audit2allow/audit2allow 2008-01-23 17:15:21.000000000 -0500
> @@ -19,7 +19,6 @@
> #
>
> import sys
> -import tempfile
>
> import sepolgen.audit as audit
> import sepolgen.policygen as policygen
> @@ -153,9 +152,9 @@
>
> def __process_input(self):
> if self.__options.type:
> - filter = audit.TypeFilter(self.__options.type)
> - self.__avs = self.__parser.to_access(filter)
> - self.__selinux_errs = self.__parser.to_role(filter)
> + avcfilter = audit.TypeFilter(self.__options.type)
> + self.__avs = self.__parser.to_access(avcfilter)
> + self.__selinux_errs = self.__parser.to_role(avcfilter)
> else:
> self.__avs = self.__parser.to_access()
> self.__selinux_errs = self.__parser.to_role()
> @@ -221,13 +220,14 @@
> def __output_audit2why(self):
> import selinux
> import selinux.audit2why as audit2why
> + import seobject
> audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
> for i in self.__parser.avc_msgs:
> rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
> if rc >= 0:
> print "%s\n\tWas caused by:" % i.message
> if rc == audit2why.NOPOLICY:
> - raise "Must call policy_init first"
> + raise RuntimeError("Must call policy_init first")
> if rc == audit2why.BADTCON:
> print "Invalid Target Context %s\n" % i.tcontext
> continue
> @@ -241,7 +241,7 @@
> print "Invalid permission %s\n" % i.accesses
> continue
> if rc == audit2why. BADCOMPUTE:
> - raise "Error during access vector computation"
> + raise RuntimeError("Error during access vector computation")
> if rc == audit2why.ALLOW:
> print "\t\tUnknown - would be allowed by active policy\n",
> print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
> @@ -251,12 +251,14 @@
> if len(bools) > 1:
> print "\tOne of the following booleans was set incorrectly."
> for b in bools:
> - print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
> - print "\t# setsebool -P %s %d" % (b[0], b[1])
> + print "\n\tBoolean %s is %d." % (b[0], not b[1])
Here is you have "not b[1]".
> + print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
> + print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
> else:
> - print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0]
> - print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1])
> -
> + print "\tThe boolean %s set incorrectly. " % (bools[0][0])
> + print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])
Here you have "bools[0][1]".
Should that be negated too (looks like it - I get the wrong output in
running it on sample avc messages)? But what's the point of even doing
that if we are just displaying the negation of what we are going to tell
them to pass to setsebool, and since we've already told them it is
wrong?
> + print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
> + print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
> continue
>
> if rc == audit2why.TERULE:
> --- nsapolicycoreutils/semanage/seobject.py 2007-12-10 21:42:27.000000000 -0500
> +++ policycoreutils-2.0.37/semanage/seobject.py 2008-01-23 17:13:45.000000000 -0500
> @@ -117,6 +117,12 @@
> #print _("Failed to translate booleans.\n%s") % e
> pass
>
> +def boolean_desc(boolean):
> + if boolean in booleans_dict:
> + return _(booleans_dict[boolean][2])
> + else:
> + return boolean
> +
> def validate_level(raw):
> sensitivity = "s[0-9]*"
> category = "c[0-9]*"
> @@ -1456,10 +1462,7 @@
> return ddict
>
> def get_desc(self, boolean):
> - if boolean in booleans_dict:
> - return _(booleans_dict[boolean][2])
> - else:
> - return boolean
> + return boolean_desc(boolean)
>
> def get_category(self, boolean):
> if boolean in booleans_dict:
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: audit2allow patch
2008-01-24 18:37 ` Stephen Smalley
@ 2008-01-24 18:56 ` Stephen Smalley
2008-01-24 19:30 ` Stephen Smalley
0 siblings, 1 reply; 6+ messages in thread
From: Stephen Smalley @ 2008-01-24 18:56 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SE Linux
On Thu, 2008-01-24 at 13:37 -0500, Stephen Smalley wrote:
> On Wed, 2008-01-23 at 17:22 -0500, Daniel J Walsh wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Fan through pychecker and cleaned up some bugs.
> >
> > Also added booleans description from policy.xml file
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.8 (GNU/Linux)
> > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> >
> > iEYEARECAAYFAkeXvjMACgkQrlYvE4MpobOsgwCfbTTJxThRmfUw5LHQGhsG99vj
> > rtwAoMTo1ms2h6dOQXmrtLpHrwB1Ec5Z
> > =mNcO
> > -----END PGP SIGNATURE-----
> > plain text document attachment (audit2allow.patch)
> > --- nsapolicycoreutils/audit2allow/audit2allow 2008-01-23 16:47:07.000000000 -0500
> > +++ policycoreutils-2.0.37/audit2allow/audit2allow 2008-01-23 17:15:21.000000000 -0500
> > @@ -19,7 +19,6 @@
> > #
> >
> > import sys
> > -import tempfile
> >
> > import sepolgen.audit as audit
> > import sepolgen.policygen as policygen
> > @@ -153,9 +152,9 @@
> >
> > def __process_input(self):
> > if self.__options.type:
> > - filter = audit.TypeFilter(self.__options.type)
> > - self.__avs = self.__parser.to_access(filter)
> > - self.__selinux_errs = self.__parser.to_role(filter)
> > + avcfilter = audit.TypeFilter(self.__options.type)
> > + self.__avs = self.__parser.to_access(avcfilter)
> > + self.__selinux_errs = self.__parser.to_role(avcfilter)
> > else:
> > self.__avs = self.__parser.to_access()
> > self.__selinux_errs = self.__parser.to_role()
> > @@ -221,13 +220,14 @@
> > def __output_audit2why(self):
> > import selinux
> > import selinux.audit2why as audit2why
> > + import seobject
> > audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
> > for i in self.__parser.avc_msgs:
> > rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
> > if rc >= 0:
> > print "%s\n\tWas caused by:" % i.message
> > if rc == audit2why.NOPOLICY:
> > - raise "Must call policy_init first"
> > + raise RuntimeError("Must call policy_init first")
> > if rc == audit2why.BADTCON:
> > print "Invalid Target Context %s\n" % i.tcontext
> > continue
> > @@ -241,7 +241,7 @@
> > print "Invalid permission %s\n" % i.accesses
> > continue
> > if rc == audit2why. BADCOMPUTE:
> > - raise "Error during access vector computation"
> > + raise RuntimeError("Error during access vector computation")
> > if rc == audit2why.ALLOW:
> > print "\t\tUnknown - would be allowed by active policy\n",
> > print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
> > @@ -251,12 +251,14 @@
> > if len(bools) > 1:
> > print "\tOne of the following booleans was set incorrectly."
> > for b in bools:
> > - print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
> > - print "\t# setsebool -P %s %d" % (b[0], b[1])
> > + print "\n\tBoolean %s is %d." % (b[0], not b[1])
>
> Here is you have "not b[1]".
>
> > + print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
> > + print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
> > else:
> > - print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0]
> > - print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1])
> > -
> > + print "\tThe boolean %s set incorrectly. " % (bools[0][0])
> > + print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])
>
> Here you have "bools[0][1]".
>
> Should that be negated too (looks like it - I get the wrong output in
> running it on sample avc messages)? But what's the point of even doing
> that if we are just displaying the negation of what we are going to tell
> them to pass to setsebool, and since we've already told them it is
> wrong?
I'm just going to drop the "Boolean is ..." lines out altogether, since
the rest of the message tells them it is incorrect, what it means and
what command to execute.
>
> > + print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
> > + print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
> > continue
> >
> > if rc == audit2why.TERULE:
> > --- nsapolicycoreutils/semanage/seobject.py 2007-12-10 21:42:27.000000000 -0500
> > +++ policycoreutils-2.0.37/semanage/seobject.py 2008-01-23 17:13:45.000000000 -0500
> > @@ -117,6 +117,12 @@
> > #print _("Failed to translate booleans.\n%s") % e
> > pass
> >
> > +def boolean_desc(boolean):
> > + if boolean in booleans_dict:
> > + return _(booleans_dict[boolean][2])
> > + else:
> > + return boolean
> > +
> > def validate_level(raw):
> > sensitivity = "s[0-9]*"
> > category = "c[0-9]*"
> > @@ -1456,10 +1462,7 @@
> > return ddict
> >
> > def get_desc(self, boolean):
> > - if boolean in booleans_dict:
> > - return _(booleans_dict[boolean][2])
> > - else:
> > - return boolean
> > + return boolean_desc(boolean)
> >
> > def get_category(self, boolean):
> > if boolean in booleans_dict:
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: audit2allow patch
2008-01-24 18:56 ` Stephen Smalley
@ 2008-01-24 19:30 ` Stephen Smalley
0 siblings, 0 replies; 6+ messages in thread
From: Stephen Smalley @ 2008-01-24 19:30 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SE Linux
On Thu, 2008-01-24 at 13:56 -0500, Stephen Smalley wrote:
> On Thu, 2008-01-24 at 13:37 -0500, Stephen Smalley wrote:
> > On Wed, 2008-01-23 at 17:22 -0500, Daniel J Walsh wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Fan through pychecker and cleaned up some bugs.
> > >
> > > Also added booleans description from policy.xml file
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.8 (GNU/Linux)
> > > Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> > >
> > > iEYEARECAAYFAkeXvjMACgkQrlYvE4MpobOsgwCfbTTJxThRmfUw5LHQGhsG99vj
> > > rtwAoMTo1ms2h6dOQXmrtLpHrwB1Ec5Z
> > > =mNcO
> > > -----END PGP SIGNATURE-----
> > > plain text document attachment (audit2allow.patch)
> > > --- nsapolicycoreutils/audit2allow/audit2allow 2008-01-23 16:47:07.000000000 -0500
> > > +++ policycoreutils-2.0.37/audit2allow/audit2allow 2008-01-23 17:15:21.000000000 -0500
> > > @@ -19,7 +19,6 @@
> > > #
> > >
> > > import sys
> > > -import tempfile
> > >
> > > import sepolgen.audit as audit
> > > import sepolgen.policygen as policygen
> > > @@ -153,9 +152,9 @@
> > >
> > > def __process_input(self):
> > > if self.__options.type:
> > > - filter = audit.TypeFilter(self.__options.type)
> > > - self.__avs = self.__parser.to_access(filter)
> > > - self.__selinux_errs = self.__parser.to_role(filter)
> > > + avcfilter = audit.TypeFilter(self.__options.type)
> > > + self.__avs = self.__parser.to_access(avcfilter)
> > > + self.__selinux_errs = self.__parser.to_role(avcfilter)
> > > else:
> > > self.__avs = self.__parser.to_access()
> > > self.__selinux_errs = self.__parser.to_role()
> > > @@ -221,13 +220,14 @@
> > > def __output_audit2why(self):
> > > import selinux
> > > import selinux.audit2why as audit2why
> > > + import seobject
> > > audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
> > > for i in self.__parser.avc_msgs:
> > > rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
> > > if rc >= 0:
> > > print "%s\n\tWas caused by:" % i.message
> > > if rc == audit2why.NOPOLICY:
> > > - raise "Must call policy_init first"
> > > + raise RuntimeError("Must call policy_init first")
> > > if rc == audit2why.BADTCON:
> > > print "Invalid Target Context %s\n" % i.tcontext
> > > continue
> > > @@ -241,7 +241,7 @@
> > > print "Invalid permission %s\n" % i.accesses
> > > continue
> > > if rc == audit2why. BADCOMPUTE:
> > > - raise "Error during access vector computation"
> > > + raise RuntimeError("Error during access vector computation")
> > > if rc == audit2why.ALLOW:
> > > print "\t\tUnknown - would be allowed by active policy\n",
> > > print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
> > > @@ -251,12 +251,14 @@
> > > if len(bools) > 1:
> > > print "\tOne of the following booleans was set incorrectly."
> > > for b in bools:
> > > - print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
> > > - print "\t# setsebool -P %s %d" % (b[0], b[1])
> > > + print "\n\tBoolean %s is %d." % (b[0], not b[1])
> >
> > Here is you have "not b[1]".
> >
> > > + print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
> > > + print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
> > > else:
> > > - print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0]
> > > - print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1])
> > > -
> > > + print "\tThe boolean %s set incorrectly. " % (bools[0][0])
> > > + print "\n\tBoolean %s is %d." % (bools[0][0], bools[0][1])
> >
> > Here you have "bools[0][1]".
> >
> > Should that be negated too (looks like it - I get the wrong output in
> > running it on sample avc messages)? But what's the point of even doing
> > that if we are just displaying the negation of what we are going to tell
> > them to pass to setsebool, and since we've already told them it is
> > wrong?
>
> I'm just going to drop the "Boolean is ..." lines out altogether, since
> the rest of the message tells them it is incorrect, what it means and
> what command to execute.
Merged with that change and slight rewording of the messages for the
other audit2why cases, hopefully to be clearer. We still need to do
more work to make the other audit2why cases useful to end users, e.g.
audit2why needs to figure out precisely what type attribute would have
helped with a given policy constraint failure (and ideally audit2allow
could then generate the typeattribute rule or look for a matching
interface), and we ought to be able to generate role allow rules easily
enough.
> >
> > > + print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
> > > + print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
> > > continue
> > >
> > > if rc == audit2why.TERULE:
> > > --- nsapolicycoreutils/semanage/seobject.py 2007-12-10 21:42:27.000000000 -0500
> > > +++ policycoreutils-2.0.37/semanage/seobject.py 2008-01-23 17:13:45.000000000 -0500
> > > @@ -117,6 +117,12 @@
> > > #print _("Failed to translate booleans.\n%s") % e
> > > pass
> > >
> > > +def boolean_desc(boolean):
> > > + if boolean in booleans_dict:
> > > + return _(booleans_dict[boolean][2])
> > > + else:
> > > + return boolean
> > > +
> > > def validate_level(raw):
> > > sensitivity = "s[0-9]*"
> > > category = "c[0-9]*"
> > > @@ -1456,10 +1462,7 @@
> > > return ddict
> > >
> > > def get_desc(self, boolean):
> > > - if boolean in booleans_dict:
> > > - return _(booleans_dict[boolean][2])
> > > - else:
> > > - return boolean
> > > + return boolean_desc(boolean)
> > >
> > > def get_category(self, boolean):
> > > if boolean in booleans_dict:
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
* audit2allow patch
@ 2009-01-13 13:52 Daniel J Walsh
2009-02-18 21:16 ` Joshua Brindle
0 siblings, 1 reply; 6+ messages in thread
From: Daniel J Walsh @ 2009-01-13 13:52 UTC (permalink / raw)
To: SE Linux
[-- Attachment #1: Type: text/plain, Size: 359 bytes --]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Remove --tefile from manpage, option does not exist.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAklsnLIACgkQrlYvE4MpobOrGQCgs76GOeXnSKrLCX69GpCAiIZN
f4AAn312U9ill0sLCKWP1bsL661mctEH
=D9bQ
-----END PGP SIGNATURE-----
[-- Attachment #2: policycoreutils_audit2allow.patch --]
[-- Type: text/plain, Size: 583 bytes --]
--- nsapolicycoreutils/audit2allow/audit2allow.1 2009-01-13 08:45:35.000000000 -0500
+++ policycoreutils-2.0.60/audit2allow/audit2allow.1 2008-12-15 15:35:46.000000000 -0500
@@ -75,9 +75,6 @@
Generate reference policy using installed macros.
This attempts to match denials against interfaces and may be inaccurate.
.TP
-.B "\-t " | "\-\-tefile"
-Indicates input file is a te (type enforcement) file. This can be used to translate old te format to new policy format.
-.TP
.B "\-w" | "\-\-why"
Translates SELinux audit messages into a description of why the access was denied
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: audit2allow patch
2009-01-13 13:52 audit2allow patch Daniel J Walsh
@ 2009-02-18 21:16 ` Joshua Brindle
0 siblings, 0 replies; 6+ messages in thread
From: Joshua Brindle @ 2009-02-18 21:16 UTC (permalink / raw)
To: Daniel J Walsh; +Cc: SE Linux
Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Remove --tefile from manpage, option does not exist.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAklsnLIACgkQrlYvE4MpobOrGQCgs76GOeXnSKrLCX69GpCAiIZN
> f4AAn312U9ill0sLCKWP1bsL661mctEH
> =D9bQ
> -----END PGP SIGNATURE-----
>
Merged in policycoreutils 2.0.62
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2009-02-18 21:16 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-01-13 13:52 audit2allow patch Daniel J Walsh
2009-02-18 21:16 ` Joshua Brindle
-- strict thread matches above, loose matches on Subject: below --
2008-01-23 22:22 Daniel J Walsh
2008-01-24 18:37 ` Stephen Smalley
2008-01-24 18:56 ` Stephen Smalley
2008-01-24 19:30 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.