60956ac7ec5ad9cdf3eb3e338f7a61511cae73b3 |
|
05-Aug-2015 |
Robert Kuska <rkuska@redhat.com> |
sepolgen: Decode output from Popen in Python3 In Python3 output from Popen communicate function returns bytes, to handle output as a string it is needed to properly decode it. Signed-off-by: Robert Kuska <rkuska@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
15a7553d2274a351fb1098f7bfab86346c5a04b8 |
|
16-Jul-2015 |
Robert Kuska <rkuska@redhat.com> |
sepolgen: Apply fixes discovered by 2to3 where needed. Replace usage of print statement with print function. Use `in` instead of `has_key` when checking for key in dict. When using `raise` add text (if any) as parameter of exception function. Add Python3 imports of moved modules. Replace `map` with list comprehension. Use reserved word `as` in try-except when catching exception. Replace `ifilter` function with `filter`. Signed-off-by: Robert Kuska <rkuska@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
fd00e882c4886124008cf473e4a9af1dd7a93b68 |
|
16-Jul-2015 |
Robert Kuska <rkuska@redhat.com> |
sepolgen: Use relative imports for modules within sepolgen. Python 3 changes the syntax for imports from within a package, requiring you to use the relative import syntax, saying from . import mymodule instead of the just import mymodule. Signed-off-by: Robert Kuska <rkuska@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
4a674abd341bf6847d5f245d57b42f4fd0786123 |
|
28-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Return the sections of the source and target context that differ Help the administrator/policy developer to see what parts of the label are different. For example if you get a constraint violation and the role of the source and target differ, audit2allow will suggest this might be the problem.
/external/selinux/sepolgen/src/sepolgen/audit.py
|
56258807ea4b33cf3c7a1dbf1b574ab77c91f899 |
|
25-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Revert "Richard Haines patch that allows us discover constraint violation information" This reverts commit 56b49ab7114f367f46b70e41d84dc7e6d52d5209. Conflicts: libselinux/src/audit2why.c
/external/selinux/sepolgen/src/sepolgen/audit.py
|
56b49ab7114f367f46b70e41d84dc7e6d52d5209 |
|
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Richard Haines patch that allows us discover constraint violation information Basically we need this information to allow audit2allow/audit2why to better describe which constraint is being broken.
/external/selinux/sepolgen/src/sepolgen/audit.py
|
a2a50eaaec750af192d4a8b37f5022242e30f06e |
|
16-Oct-2012 |
rhatdan <dwalsh@redhat.com> |
sepolgen: audit.py: Handle times in foreign locals for audit2allow -b Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
628bcc69e23d96cec308bae5c70bebdeebeeeecc |
|
12-Sep-2012 |
Eric Paris <eparis@redhat.com> |
policycoreutils: sepolgen: return and output constraint violation information update sepolgen to return constraint violation information. Then output that information in audit2allow. Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
df45dcdf3db2d02930bbd095f6e9bc4f3eafdf3f |
|
18-Jan-2012 |
Dan Walsh <dwalsh@redhat.com> |
sepolgen: audit.py Dont crash if empty data is passed to sepolgen If you pass output from a log file that does not include any avc's audit2allow will crash. This patch fixes this problem. ausearch -m avc -ts recent | audit2allow If there was no AVC's recently, we do not want the python to crash. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
5c3211bccad45be0f546dbf976200142d1e4959d |
|
01-Nov-2011 |
Eric Paris <eparis@redhat.com> |
sepolgen: better analysis of why things broke combine analysys of audit2why into audit2allow, so users can see if a boolean would solve an AVC or if it is a constrain violation. Rather then blindly adding allow rules to modules. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
077e8635173ae51576ee6c27eb7c6d12243294e9 |
|
13-Oct-2011 |
Dan Walsh <dwalsh@redhat.com> |
sepolgen: Return name field in avc data Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
03cd8c2d47eb5ad3d7242ac1a0c71adc1e16ad89 |
|
12-Mar-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
This patch allows audit2allow to look at all avc's since the last time the machine booted. Acked-by: Karl MacMillan <kmacmillan@tresys.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
a3ccf607a2137a2bdfd21b21502803d02a1ea530 |
|
08-Sep-2009 |
Stephen Smalley <sds@tycho.nsa.gov> |
policycoreutils: audit2allow -l doesn't work with dmesg pipe On Mon, 2009-08-24 at 23:37 +1000, Russell Coker wrote: > On Mon, 24 Aug 2009, Daniel J Walsh <dwalsh@redhat.com> wrote: > > >>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503252 > > >> > > >> audit2allow -l is looking for the load_policy message which does not go > > >> to the dmesg, /var/log/messages. Therefore the tool has no idea when > > >> policy was last loaded. > > > > > > That would be a kernel bug then. > > > > Well I believe the messages that are intercepted by the audit.log do not go > > into dmesg, by design. Although Steve, James or Eric could probably say for > > sure. > > When auditd is not running on a Debian system with CentOS kernel > 2.6.18-92.1.13.el5xen or Debian/Lenny kernel 2.6.26-2-xen-686 then nothing > goes to the kernel message log which is interpreted by audit2allow as a > candidate for the "-l" functionality. > > It's OK if all the AVC messages go to the audit log and "dmesg|audit2allow -l" > gives no output. But if all AVC messages other than the load_policy message > go to the kernel message log then it's a bug. Originally audit2allow used the avc: allowed message generated by auditallow statement for load_policy to identify policy reloads. Later it was switched to use the MAC_POLICY_LOAD events generated by the audit framework. Those events should still get logged via printk if auditd is not running, but it appears that the code (audit_printk_skb) will then log the type= field as an integer rather than a string, and audit2allow/sepolgen only looks for the string MAC_POLICY_LOAD. So I suspect that this would be resolved by modifying sepolgen/audit.py to also match on type=1403 for load messages. Try this: Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/sepolgen/src/sepolgen/audit.py
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/sepolgen/src/sepolgen/audit.py
|