selinux prelink avc's (broken paths in policy?)
Paul Howarth
paul at city-fan.org
Wed May 24 15:06:32 UTC 2006
Christopher Ashworth wrote:
> On Wed, 2006-05-24 at 15:22 +0100, Paul Howarth wrote:
>
>> Is the sorting algorithm documented somewhere (the wiki?)?
>
> The sorting algorithm is based on the following heuristics, applied in
> this order:
>
> When comparing two file contexts A and B...
>
> - if A is a regular expression and B is not, A is less specific than B
> - if A's stem length (the number of characters before the first regular
> expression wildcard) is shorter than B's stem length, A is less specific
> than B
> - if A's string length (the entire length of the file context string) is
> shorter than B's string length, A is less specific than B
> - if A does not have a specified type and B does, A is less specific
> than B.
> - else, they are considered equally specific.
If there are two or more equally specific matches, is one picked at random?
Paul.
More information about the fedora-selinux-list
mailing list