Braces in path field breaks audit2allow (PROPOSED FIX)

Tom London selinux at comcast.net
Fri Aug 13 14:20:48 UTC 2004


Thanks.

I figured the script was doing more with some of the fields, and
reordering the code would break something ....

If the 'we only need to consider braces at the start' assumption
is wrong, I think a more complicated regular expression that
just excludes braces after '=' would work too.

tom

>From: Stephen Smalley <sds epoch ncsc mil>
>
>On Thu, 2004-08-12 at 17:47, t l wrote:
>> Sorry to make the first mod so complicated.
>> 
>> After looking at the Perl a bit, this is simpler, but
>> depends on 'important brace fields' starting with the
>> brace character.  Is that correct?
>
>I think so (I didn't write this script, and am not a perl expert
>either).  The script is just trying to extract the list of permissions,
>which starts with a { by itself after the avc:  denied prefix.  With
>regard to your original diff, note that audit2allow captures auxiliary
>audit information like path and exe for the -v option; the exceptions
>for pid, dev, and ino are just to omit that information, as it was
>viewed as too ephemeral to likely be useful when reviewing audit2allow
>output.
>
>-- 
>Stephen Smalley <sds epoch ncsc mil>
>National Security Agency
>
>  
>
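An added illustration of the parsing rule discussed in this thread (not part of the original messages, and not audit2allow's own code, which is Perl): the permission list is the brace group standing by itself right after `avc:  denied`, so a match anchored there is unaffected by braces inside `path=`. The sample log lines are constructed, and the names `parse_avc` and `naive_perms` are hypothetical.

```python
import re

# Constructed AVC denial lines; the second has braces inside the path= field.
SAMPLES = [
    "audit(1092406848.101:0): avc:  denied  { read write } for  pid=1201 "
    "exe=/usr/bin/foo path=/tmp/data dev=hda2 ino=4411 "
    "scontext=user_u:user_r:user_t tcontext=system_u:object_r:tmp_t tclass=file",
    "audit(1092406848.202:0): avc:  denied  { read write } for  pid=1202 "
    "exe=/usr/bin/foo path=/tmp/{cache}/file dev=hda2 ino=4412 "
    "scontext=user_u:user_r:user_t tcontext=system_u:object_r:tmp_t tclass=file",
]

# Permission list: a "{" by itself directly after the "avc:  denied" prefix.
PERMS_RE = re.compile(r"avc:\s+denied\s+\{\s+([^{}]*?)\s+\}\s+for\s")
# Greedy match on any braces in the line, shown only as the failure mode.
NAIVE_RE = re.compile(r"\{(.*)\}")
# Auxiliary key=value audit fields that follow the permission list.
FIELD_RE = re.compile(r"(\w+)=(\S+)")
# Fields the thread describes as too ephemeral to keep in the output.
EPHEMERAL = {"pid", "dev", "ino"}


def parse_avc(line):
    """Return permissions and non-ephemeral fields, or None if not a denial."""
    m = PERMS_RE.search(line)
    if m is None:
        return None
    rest = line[m.end():]  # only parse fields after the permission list
    fields = {k: v for k, v in FIELD_RE.findall(rest) if k not in EPHEMERAL}
    return {"perms": m.group(1).split(), "fields": fields}


def naive_perms(line):
    """Unanchored brace match: swallows text up to the last '}' on the line."""
    m = NAIVE_RE.search(line)
    return m.group(1).split() if m else []


if __name__ == "__main__":
    for sample in SAMPLES:
        parsed = parse_avc(sample)
        print("anchored:", parsed["perms"], parsed["fields"].get("path"))
        print("naive:   ", naive_perms(sample))
```
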





