Braces in path field breaks audit2allow (PROPOSED FIX)
Stephen Smalley
sds at epoch.ncsc.mil
Fri Aug 13 13:28:47 UTC 2004
On Thu, 2004-08-12 at 17:47, t l wrote:
> Sorry to make the first mod so complicated.
>
> After looking at the Perl a bit, this is simpler, but
> depends on 'important brace fields' starting with the
> brace character. Is that correct?
I think so (I didn't write this script, and am not a perl expert
either). The script is just trying to extract the list of permissions,
which starts with a { by itself after the avc: denied prefix. With
regard to your original diff, note that audit2allow captures auxiliary
audit information like path and exe for the -v option; the exceptions
for pid, dev, and ino are just to omit that information, as it was
viewed as too ephemeral to likely be useful when reviewing audit2allow
output.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list