policycoreutils: Comment constraint rules in audit2allow and sepolgen output

Constraint rules in output need to be commented in order to make a policy compilable. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1155974 Patch-by: Miroslav Grepl <mgrepl@redhat.com> Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
2025-02-12 14:48:35 +00:00 · 2015-07-30 17:53:18 +02:00 · 2015-07-30 17:53:18 +02:00 · 7bd95d71f1
commit 7bd95d71f1
parent 5b73ba0f84
2 changed files with 2 additions and 2 deletions
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@ -273,7 +273,7 @@ class AuditToPolicy:
            if rc == audit2why.CONSTRAINT:
                print()  # !!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access.\n"
                print("#Constraint rule:")
-                print("\n\t" + data[0])
+                print("\n#\t" + data[0])
                for reason in data[1:]:
                    print("#\tPossible cause is the source %s and target %s are different.\n" % reason)

--- a/sepolgen/src/sepolgen/policygen.py
+++ b/sepolgen/src/sepolgen/policygen.py
@ -177,7 +177,7 @@ class PolicyGenerator:
            if av.type == audit2why.CONSTRAINT:
                rule.comment += "\n#!!!! This avc is a constraint violation.  You would need to modify the attributes of either the source or target types to allow this access."
                rule.comment += "\n#Constraint rule: "
-                rule.comment += "\n\t" + av.data[0]
+                rule.comment += "\n#\t" + av.data[0]
                for reason in av.data[1:]:
                    rule.comment += "\n#\tPossible cause is the source %s and target %s are different." % reason