From: <ssm...@us...> - 2008-01-24 20:20:14
Revision: 2749
http://selinux.svn.sourceforge.net/selinux/?rev=2749&view=rev
Author: ssmalley
Date: 2008-01-24 11:20:15 -0800 (Thu, 24 Jan 2008)
Log Message:
-----------
Author: Daniel J Walsh
Email: dw...@re...
Subject: audit2allow patch
Date: Wed, 23 Jan 2008 17:22:43 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ran through pychecker and cleaned up some bugs.
Also added booleans description from policy.xml file
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkeXvjMACgkQrlYvE4MpobOsgwCfbTTJxThRmfUw5LHQGhsG99vj
rtwAoMTo1ms2h6dOQXmrtLpHrwB1Ec5Z
=mNcO
-----END PGP SIGNATURE-----
Modified Paths:
--------------
trunk/policycoreutils/audit2allow/audit2allow
trunk/policycoreutils/semanage/seobject.py
Modified: trunk/policycoreutils/audit2allow/audit2allow
===================================================================
--- trunk/policycoreutils/audit2allow/audit2allow 2008-01-23 21:15:12 UTC (rev 2748)
+++ trunk/policycoreutils/audit2allow/audit2allow 2008-01-24 19:20:15 UTC (rev 2749)
@@ -19,7 +19,6 @@
#
import sys
-import tempfile
import sepolgen.audit as audit
import sepolgen.policygen as policygen
@@ -153,9 +152,9 @@
def __process_input(self):
if self.__options.type:
- filter = audit.TypeFilter(self.__options.type)
- self.__avs = self.__parser.to_access(filter)
- self.__selinux_errs = self.__parser.to_role(filter)
+ avcfilter = audit.TypeFilter(self.__options.type)
+ self.__avs = self.__parser.to_access(avcfilter)
+ self.__selinux_errs = self.__parser.to_role(avcfilter)
else:
self.__avs = self.__parser.to_access()
self.__selinux_errs = self.__parser.to_role()
@@ -221,13 +220,14 @@
def __output_audit2why(self):
import selinux
import selinux.audit2why as audit2why
+ import seobject
audit2why.init("%s.%s" % (selinux.selinux_binary_policy_path(), selinux.security_policyvers()))
for i in self.__parser.avc_msgs:
rc, bools = audit2why.analyze(i.scontext.to_string(), i.tcontext.to_string(), i.tclass, i.accesses)
if rc >= 0:
print "%s\n\tWas caused by:" % i.message
if rc == audit2why.NOPOLICY:
- raise "Must call policy_init first"
+ raise RuntimeError("Must call policy_init first")
if rc == audit2why.BADTCON:
print "Invalid Target Context %s\n" % i.tcontext
continue
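Review bot: Both new `raise RuntimeError(...)` statements (the NOPOLICY one in this hunk and the BADCOMPUTE one in the next) leave the `for` loop without reaching `audit2why.finish()`, which only appears at the end of a later hunk. If `finish()` releases the state set up by `audit2why.init(...)`, that cleanup is skipped on the error path. Wrapping the loop in `try:` with `finally: audit2why.finish()` would keep init and finish paired. The body of `__output_audit2why` continues outside this hunk and indentation is lost in this mail, so the exact placement of `finish()` is inferred.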
@@ -241,7 +241,7 @@
print "Invalid permission %s\n" % i.accesses
continue
if rc == audit2why. BADCOMPUTE:
- raise "Error during access vector computation"
+ raise RuntimeError("Error during access vector computation")
if rc == audit2why.ALLOW:
print "\t\tUnknown - would be allowed by active policy\n",
print "\t\tPossible mismatch between this policy and the one under which the audit message was generated.\n"
@@ -251,28 +251,28 @@
if len(bools) > 1:
print "\tOne of the following booleans was set incorrectly."
for b in bools:
- print "\n\tBoolean %s is %d. Allow access by executing:" % (b[0], not b[1])
- print "\t# setsebool -P %s %d" % (b[0], b[1])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(b[0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])
else:
- print "\tThe boolean %s was set incorrectly. Allow access by executing:" % bools[0][0]
- print "\t# setsebool -P %s %d\n" % (bools[0][0], bools[0][1])
-
+ print "\tThe boolean %s was set incorrectly. " % (bools[0][0])
+ print "\tDescription:\n\t%s\n" % seobject.boolean_desc(bools[0][0])
+ print "\tAllow access by executing:\n\t# setsebool -P %s %d" % (bools[0][0], bools[0][1])
continue
if rc == audit2why.TERULE:
- print "\t\tMissing or disabled type enforcing (TE) allow rule.\n"
- print "\t\tYou can use audit2allow to generate the missing allow rules and/or load policy to allow this access.\n"
+ print "\t\tMissing type enforcement (TE) allow rule.\n"
+ print "\t\tYou can use audit2allow to generate a loadable module to allow this access.\n"
continue
if rc == audit2why.CONSTRAINT:
- print "\t\tConstraint violation.\n"
- print "\t\tCheck policy/constraints.\n"
- print "\t\tTypically, you just need to add a type attribute to the domain to satisfy the constraint.\n"
+ print "\t\tPolicy constraint violation.\n"
+ print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n"
+ print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n"
continue
if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n"
- print "\t\tAdd allow rule for the role pair.\n"
+ print "\t\tAdd an allow rule for the role pair.\n"
continue
audit2why.finish()
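Review bot: Inside `for b in bools:` the new output no longer prints the boolean's name or current value before the `setsebool -P` suggestion, so with several candidates the reader sees only a description followed by a command. Because `setsebool -P` makes a persistent change, it helps to keep a heading in front of the description, for example `print "\n\tBoolean %s is %d." % (b[0], not b[1])`. When `seobject.boolean_desc` has no entry it returns the boolean name, so the "Description:" line then carries no description; printing it only when the result differs from the name would avoid that. The single-boolean branch also drops the trailing `\n` the old command line had, so consecutive AVC reports run together. This hunk starts inside `__output_audit2why`.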
Modified: trunk/policycoreutils/semanage/seobject.py
===================================================================
--- trunk/policycoreutils/semanage/seobject.py 2008-01-23 21:15:12 UTC (rev 2748)
+++ trunk/policycoreutils/semanage/seobject.py 2008-01-24 19:20:15 UTC (rev 2749)
@@ -117,6 +117,12 @@
#print _("Failed to translate booleans.\n%s") % e
pass
+def boolean_desc(boolean):
+ if boolean in booleans_dict:
+ return _(booleans_dict[boolean][2])
+ else:
+ return boolean
+
def validate_level(raw):
sensitivity = "s[0-9]*"
category = "c[0-9]*"
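Review bot: `boolean_desc` is now a module-level function that `audit2allow` calls, but it has no docstring and the `[2]` index into `booleans_dict` is unexplained. I would add `"""Return the translated description of an SELinux boolean, or the boolean name itself when booleans_dict has no entry for it."""` and a comment on the lookup such as `# element 2 of a booleans_dict entry is the description text`. The context lines above show the failure to load the descriptions being swallowed with `pass`, so the fallback is presumably the normal path on systems without policy.xml; callers cannot distinguish that case from a real description, which the docstring should state.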
@@ -1456,10 +1462,7 @@
return ddict
def get_desc(self, boolean):
- if boolean in booleans_dict:
- return _(booleans_dict[boolean][2])
- else:
- return boolean
+ return boolean_desc(boolean)
def get_category(self, boolean):
if boolean in booleans_dict: